According to analyst IDC, Android-based smartphones account for three out of every 4 phones sold worldwide in Q3 2012. As anticipated, this expansion of the market has also prompted a surge in fraudulent apps being developed and installed on phones. Security firm F-Secure reports a 10X increase in the number of distinct malware apps detected in the marketplace, finding over 50k apps this quarter alone. Most of these apps appear to be making their debut on 3rd party apps stores outside of the US looser security standards allow the malware to slip into the marketplace undetected.
What this means for you:
Earlier this year, Google implemented a security review process on its official “Play” store, reducing the number of fraudulent apps significantly. However, unlike the iPhone ecosystem, which locks users into only getting apps through its tightly controlled and reviewed iTunes appstore, Androids can bypass the Google’s official appstore to “sideload” apps on their smartphones via a single checkbox setting that is available in the operating system. Just because you can do something doesn’t mean you should. With the possible exception of Amazon’s App Store, I would not recommend installing apps from any 3rd party app store. Amazon.com led the way in sideloading by announcing their own appstore in early 2011, primarily as a means to avoid paying distribution fees to Google to service their own Android-based Kindle devices. Given that keeping their user base safe is probably of utmost concern, it’s likely that Amazon will be carefully reviewing apps distributed through their ecosystem.
If you insist on sideloading apps from a 3rd party app store, make sure you know what you are doing, review the apps carefully, and when in doubt, do your research before installing that magical app that will do it all, and is also free. It may not cost you any money up front, but the longterm damage to your security and identity may be a cost you can’t afford.