
Are App Stores Really Safe? 5 Security Risks in iOS and Android

Posted in Mobile App Marketing on August 09, 2024

Bookmark this article: https://bestmobileappawards.com/blog/are-app-stores-really-safe-5-security-risks-in-ios-and-android

Unlike on desktop, finding and installing the right app for almost any task is child’s play on mobile. A quick search and download are often all you need to get going. Even if an official store doesn’t have what you need, it doesn’t take a CS degree to circumvent built-in defenses and sideload apps you can find elsewhere.

If you think that doesn't sound safe, you're right. But let's take it a step further: are the Play Store and App Store, which most of us take for granted, safe enough? Here, we explore five security risks mobile users face. One addresses third-party stores specifically, but the others affect the big two despite Apple and Google’s best efforts. Find out which dangers you’re subject to when using mobile app stores and how to protect yourself below.

Third-Party Stores

Say what you want about the two officially sanctioned mobile app stores, but they're by far the safest and best-regulated options available. Conversely, third-party app stores aren't as policed, and finding fake or harmful apps on them is more likely.

Android lovers and advanced iPhone users who’ve jailbroken their phones are at the highest risk. However, third-party stores and the dangers they bring are poised to become more common on regular iPhones, thanks to the anti-gatekeeping efforts of the EU's Digital Markets Act.

The safest course of action is to ignore such markets and stick to the trusted duo, at least until alternatives prove themselves equally trustworthy. 

Malicious Apps

Despite stringent quality checks performed by humans, especially on the App Store, malicious apps may still find their way onto sanctioned markets. They're few and far between, but their harmful potential makes up for that. 

Some will drain your battery or turn your phone into a crypto-miner and slow it down to a crawl. Others may access your contacts and send spam messages or access and steal sensitive data. 

Always read user reviews and be wary of apps from unproven developers with few downloads. Since these apps may try to compromise your accounts, it's crucial to use a password manager so that each account has unique credentials that resist brute forcing. Moreover, make sure that 2FA is on for your store login and any other critical account you secured with a password manager.

Data Privacy Concerns 

The vast majority of apps available on official stores are legitimate. That doesn’t mean their behavior can’t be suspect, though. Apps frequently request more permissions than they need to function correctly.

For example, why would a QR code reader require contact access? It might just be poor coding, but it may also be an attempt to extract and sell your personal and other sensitive information. 

Carefully review every app’s permissions before installing it. If you’re still unsure, check the app’s privacy policy to see which data it accesses and how that data is used.

Outdated Apps

Useful, entertaining, and highly regarded apps can become unsafe over time if the developer goes out of business or stops updating them. Stores may still offer such apps for download, yet installing them is a bad idea. Since no new updates are available, known flaws in these apps never get fixed, which puts you at greater risk of falling victim to exploits.

Before installing, check when the last update happened and how frequently updates occur. Ensure that your phone's automatic updates are on. Review your installed apps and delete those that haven't received updates in a while.
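The permission review from the Data Privacy Concerns section and the update check above can be scripted on Android. This is an added example, not part of the original article: it parses text in the layout of `adb shell dumpsys package` output, and the sample data, the `EXPECTED` baseline and the one-year threshold are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of `adb shell dumpsys package` output;
# package names, dates and permissions are made up for illustration.
SAMPLE = """\
Package [com.example.qrreader] (a1b2c3):
    lastUpdateTime=2021-03-02 18:40:01
    requested permissions:
      android.permission.CAMERA
      android.permission.READ_CONTACTS
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
Package [com.example.notes] (d4e5f6):
    lastUpdateTime=2024-07-20 08:30:00
    requested permissions:
      android.permission.INTERNET
"""

# Assumed baseline: permissions the reviewer decides each app really needs.
EXPECTED = {
    "com.example.qrreader": {"android.permission.CAMERA", "android.permission.INTERNET"},
    "com.example.notes": {"android.permission.INTERNET"},
}

def audit(dump, expected, today, max_age_days=365):
    """Map each package to its unexpected permissions and update age."""
    report = {}
    # re.split on the "Package [name]" headers yields name, body pairs.
    parts = re.split(r"^Package \[([^\]]+)\].*$", dump, flags=re.M)[1:]
    for name, body in zip(parts[0::2], parts[1::2]):
        updated = re.search(r"lastUpdateTime=(\d{4}-\d{2}-\d{2})", body)
        # Permission names are the indented lines right under the header.
        block = re.search(r"requested permissions:\n((?:\s+[\w.]+\n)*)", body)
        requested = set(block.group(1).split()) if block else set()
        age = None  # unknown update date is treated as stale
        if updated:
            age = (today - datetime.strptime(updated.group(1), "%Y-%m-%d")).days
        report[name] = {
            "extra": sorted(requested - expected.get(name, set())),
            "days_since_update": age,
            "stale": age is None or age > max_age_days,
        }
    return report

if __name__ == "__main__":
    for pkg, result in audit(SAMPLE, EXPECTED, datetime(2024, 8, 9)).items():
        print(pkg, result)
```

With the constructed sample, the QR reader is reported both for requesting contact access outside its baseline and for going more than a year without an update.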

Code Vulnerabilities

Despite their best efforts, reputable developers may publish apps with vulnerabilities in their code that can go unnoticed through multiple update cycles.

These vulnerabilities make the apps susceptible to attacks like code injection or remote code execution. At one point, such attacks potentially impacted several high-profile Android apps with millions of downloads before the vulnerabilities were detected and patched.

End users can’t do much about these exploits directly other than keep track of the latest threat news and install updates as soon as they're live. However, you can take general precautions, like installing a VPN, which makes internet access from your device more secure overall.

VPNs encrypt the connection between your device and the VPN server, increasing your privacy and blocking others on the network from monitoring your online activity. Additionally, advanced and quality VPNs can block known malicious sites. This reduces the chance of drive-by malware infection and makes it less likely you’ll accidentally install harmful apps from a malicious source.