Advisory: Android Users Should Beware of Third-Party App Stores
If you have an Android device and get your apps from third-party app stores, you may be much more exposed to security threats than you think you are. According to an advisory from Trend Micro, no less than four third-party app stores for Android have apps with a malicious component that seeks root access to devices.
The advisory notes: "Based on the data from our Trend Micro Mobile App Reputation Service, there are 1,163 malicious APKs detected as ANDROIDOS_ LIBSKIN.A. In addition, between January 29 and February 1, malicious apps detected as this malware have been downloaded in 169 countries and can be found in four third party app stores, namely Aptoide, Mobogenie, mobile9, and 9apps. We have already contacted these stores and informed them about these threats, but as of this writing, we have yet to receive any confirmation from their end."
Of course, you don't have to be exposed to such threats. The advisory also states: "Malicious apps have a history of popping up from these third party websites, a reason why it is often recommended that Android users must stick to Google Play. Because of Google’s security measures, we believe it is the safest platform for downloading apps. It is worth noting, however, that third-party app stores are implementing means to tighten their security."
Lots of users get their apps exclusively from Google Play, but third-party app stores are on the rise. One option that you can pursue to avoid downloading fake apps is to download the app from the developer’s website. You can often discern from a third-party app store where the developer's site is found.
Trend Micro also advises that developers publishing their apps should make sure to partner with reputable stores.