Android has several layers of embedded security that are very useful in keeping most threats at bay. But history shows the users’ determination and the criminals’ ingenuity will always find a way to bypass those security layers. Simply put, Android’s default security is not enough, and it never was.
Installing malware on an Android device is not easy. Users usually have to take some extra steps and ignore big red flags on the way. In this case, it would be easy to fault them for bypassing existing security measures, but users sometimes install infected apps from official stores, complicating matters.
These two main problems pop up repeatedly as one of two ways malware spreads into the Android ecosystem. Google took some measures to mitigate this problem by making it harder for users to install apps from other sources and by scanning and inspecting apps made available in the official store. But it’s not enough.
App sideloading in Android is a fantastic feature and a huge security problem
The ability to install apps in Android manually is one of the platforms’ most prominent strengths and a key feature that sets it apart from its main competitor, iOS. But with great power comes great responsibility.
There are many reasons why a user might want to install an app manually. Maybe the user wants to bypass geographical limitations, or perhaps the latest version of the app crashes, so an older and more stable variant might work. Whatever the case, installing apps from sources other than the official store can be helpful.
Unfortunately, criminals know this all too well. Many malware campaigns seek to trick Android users into installing malicious apps, using the exact mechanism that other people use to install legit apps. Getting rid of the option to sideload apps is not a solution.
The official store is safe until it’s not
Other criminals take the long way around. They develop apps that can bypass the security measures Google sets for developers who want to publish apps in the official store. It’s not easy, but it happens. In fact, it often happens enough that Google regularly removes apps from the store. For example, Bitdefender found many banker trojans deployed from apps available in the Google Play Store.
Making matters worse, the Google Play Store is not the only official store out there. Other phone manufacturers offer their own store, like Samsung, and its Galaxy Store, which recently was distributing more than one malware app in a single campaign.
Android security is not enough
Despite existing security measures, criminals still find ways to abuse the Android system. Whether it’s with the unwitting complicity of users or through the official stores, the dangers are real. That’s why users need a second layer of security, more powerful than the existing one.
Bitdefender Mobile Security & Antivirus makes the Android experience much safer while keeping a low profile in the background. Installing apps from unknown sources is no longer a lottery because the security solution scans absolutely all installs. And that includes the ones from the official stores.
There’s no reason to drop an amazing feature such as app sideloading because there’s a way to make Android safer and keep an option that’s such a big part of the reasons why people choose this platform in the first place.