How to Mitigate Risk Associated With Unverified Android Apps Installations?

Online security blogs don’t leave a single opportunity to show Android apps from unknown sources in bad lights. Not every app from an unknown distribution source tends to contain malware. Not every app that is distributed via Play Store is safe either.

We all come across a situation when we have to install an app from an unknown source. Unlike iOS, Android lets you install any app regardless of the source. In fact, that is the best part about android–the freedom. The key is to balance the freedom without compromising your device. Installing Antivirus is one way, but there are many other ways to mitigate risks associated with unverified android apps installations.

Security vulnerabilities are a major issue on Android apps and the platform as a whole. We are all aware of the situation. Google News “Android malware” someday and the results are sure to make you dizzy.

“Xavier Android Ad Malware Steals User Data Then Plays Hide and Seek”, says the very first news. Even apps listed and verified by Google before being published on Play Store aren’t spared. “Xavier Android Malware Found In Over 800 Google Play Store Apps: How Is It Different From Other Malware?”,calls a headline by Tech Times dated 26 June ‘17.

If you think that’s the only malware to ever make inroads intoPlay Store, mere six days ago the news surrounding Ztorg-Based Android Malware cooled down after Google removed a few apps infected by the malware.

With so much going, installing unverified android apps seems out of the question. Admit it or not, we all come across a situation when we have/ want to install an app from an unknown source. It may be an app not available in your country’s Play Store, an app your friend sent you over via Xender or Shareit, an app unpublished from the store, an app incompatible with your device or an app yet to be launched. Moreover, not every Android is a Google certified and contains Play Store. Manufacturers often skip Google certification for their low-end devices to cut cost.

Whatever is the case, you can take many steps to make sure an android app doesn’t contain malware or at least mitigate the risks typically associated with unverified android app installations:

Authenticity of the source

At launch, many resorted to downloading Pokémon Go outside of Play Store owing to its unavailability in key markets including India and Brazil leading to widespread malware propagation and thousands of infected devices with the impersonating apps.

Before you install an app, check where did you receive it from. If a website, which website is it? If from a person, how well do you know the person; did he install the app on his device? If so, is his phone infected?

Is it attached to an email you received from a developer who wants you to test the app before the launch? Check the email address. Is it the developer or some in disguise? Developers seldom use @gmail.com and @yahoo.com addresses with tens of underscore.

APKMirror is a safe online repository of Android App’. I downloaded Pokémon Go from there before it was launched in my country.

Antivirus, scanners, and security suites

Remember the days of Windows XP and Vista when installing antivirus software used to be a necessary evil. That changed with Windows 7 when Microsoft started including Windows Defender within the core OS. The situation with Android may not be that bad, but it’s not very far from it either.

Modern Android malware protectors not only protect your device from installed apps, but also scan an app before you install it. Firewall, often included in such software, prevents a spying app from sharing personal information stored on your device over a network.

Google it

Unwariness leads to tragedy. If you’re about to install an app, Google its full name and if there is an ongoing security problem associated with the app, you’ll learn from the search trends and the news section. For example, if you google Magic Browser, an Android app affected by Ztorg,the new results will reflect so.

Is the. apk tempered?

Android apps come with .apkextension. .apk files are not very different from .zip files and with the help of regular archive software like WinZip they can be tampered with. A person trying to steal a confidential file from your Android device may only have to unpack the app archive, add an extra line of code to it, repack it and wait for you to install the tampered app.

Although checking an app for tampering is a bit technical, it’s one necessary step if the security of your device is paramount to you. Ask your developer friends, who might run a bunch of codes to check the authenticity of certificates inside the app archive against a reliable app source.

Behaviors Analysis

If you believe that the app you recently installed changed the way your device behaves, uninstall the app at once.

Apps that serve an unseen purpose like stealing your bank information in the background of an addictive free game or a useful app may cause performance issues in your device like frequent freezes, crashes, restarts, overheating, etc. as they hog extra resources to serve the dual purpose.


Aforementioned steps may safeguard you against installing unsolicited appsundermany instances. However, no amount of precautions can guarantee safety every time you install an unverified app. No measure is safe, not even apps distributed via Play Store. Therefore, it is always safer to download apps from app stores whenever possible to mitigate the risks associated with Android app.

Android gives too much freedom to its developer and developers take advantage of the freedom. Isn’t it very different from the world we live in?

Author Bio

Shahid Mansuri co-founded Peerbits, one of the leading Android App Development companies, in 2011. His visionary leadership and flamboyant management style have yielded fruitful results for the company, He believes in sharing his strong knowledge base with a lean concentration on entrepreneurship and business. Being an avid nature lover, he likes to flaunt his pajamas on the beach during the vacations.

Follow me on Facebook, Twitter, LinkedIn, Google+

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...