Downloading apps outside Google Play is risky for Android users

Chris Yerga
Chris Yerga, engineering director of Android, speaks about Google Play at Google I/O 2013 in San Francisco. When downloading apps from sources other Google Play, Android users are more likely to run into a malicious program.
(Jeff Chiu / AP)

Leaving the front door unlocked is a risky move. And that risk is the same with smartphones running Android, Google’s open operating system. Android phones come with unlocked doors, allowing them to install applications found almost anywhere online.

But when downloading applications from somewhere other than the Google Play store, Android device users must be more cautious than ever, according to Juniper Networks third annual Mobile Threats Report.

People who create viruses and other malicious software, or malware, for mobile devices have targeted Android because it has become the dominant mobile operating system worldwide. Although Google cracks down on malware found in the Play store, other websites and stores are less likely to scan for malicious software.

ALSO: Adware is biggest threat to smartphone security in U.S., report says


“In the interest of building up their inventory, third-party app markets may have few – if any – barriers to entry for mobile application developers,” the report states. “That results in poor quality and malicious applications making it onto these online stores and, from there, onto Android devices.”

Karim Toubba, Juniper’s vice president for security products and strategy, said he expects third-party app stores to try to grow through increased marketing. That could expose even more users to dangerous apps.

At least 500 alternative app stores contain malware. About 3 in 5 are focused on countries where Juniper says Google Play isn’t popular, including Russia and China.

The most common thieves in these stores are apps that quietly send premium text messages. After the app gets a user’s phone to send a text message to a special number, money gets routed from the user to whomever created the “SMS Trojan.”  


The money transfer shows up as an extra charge on cellphone bills, but many cellphone subscribers miss the extra few dollars and cents. Juniper found that each successful attack earns malware creators about $10.

Updates to Android software have made such SMS attacks more difficult because users get a warning before a premium text is sent. But the latest version of Android is installed on just 32% of devices, though it was released in November.

Smartphone manufacturers must review Android updates, adapt them and test them. The extensive process can take months. Toubba said that’s not good enough.

“The operating system vendors need to be more diligent about collaborating with service providers to facilitate and automate the ability to push security updates to these devices,” he said.

Google did not respond to a request for a comment. Last month, Android’s engineering director said developers are working to solve the security gap.

Juniper, Sophos, Lookout, McAfee and many others offer mobile apps to scan for malware.

Apple users who “jailbreak” their devices can also open devices’ doors and download applications from third-party markets.



Snapchat screenshot alerts disabled by change in iOS 7

Sony’s mammoth Xperia Z Ultra smartphone sports 6.4-inch screen

PasswordBox is new app for managing passwords with ‘master’ key [video chat]

Get our weekly Business newsletter

A look back, and ahead, at the latest California business news.

You may occasionally receive promotional content from the Los Angeles Times.