If you don’t want to gamble and install an app or game from an untrusted place online, or you are wondering how to check if an app is safe after installing it, this guide should give you a hand.
Official app stores are not always the safest option
Based on the data released by the Android security team last year, we are about 10 times more likely to download a potentially harmful Android app if using some non-official store. Although it’s still not 100% safe, we are better off downloading from official stores.
But we sometimes want to download from non-official marketplaces, as there are many apps and games that are not available in official stores (due to their high fees). It’s riskier, though, and to minimize the risk, you should download from more reputable, trusted app stores.
However, even the official and most reputable stores cannot guarantee that every app they host is safe. There are very few things a malicious developer can “smuggle” into a store inside their app, but it does happen.
The best advice here would be to do your homework and to use our suggested methods of checking an app – even when downloading some lesser known apps from official stores.
Before you download…
Investigate the app store or developer
Be sure to do some detective work on the makers, their previous apps, and if possible, the reputation they have in the tech community. Twitter and Facebook are wonderful for research when it comes to seeing what people think of the app and the team behind it.
Review the reviews. For the App Store and Google Play, reviews are a good reference point. However, please know that companies can “doctor” the reviews…
In addition, one more thing you can do is a quick Google search for: “[company/dev name] scam OR virus” or similar. You might find out some unpleasant things about that company or dev…
In the end, trust your gut feeling: If anything seems fishy or too good to be true, it probably is.
You may also write to the devs/company and ask about anything that’s bothering you. Small studios and indie devs are usually very responsive and love hearing from their users.
Questions to ask yourself (or the devs):
- Does the app track the user?
- Does it ask for my social media login info?
- Does the app leak data that can identify my device?
- Does the app send data such as email addresses or phone numbers to a third-party?
- Does the app send usernames and passwords over the web in plain text? Are they stored on the device using weak encryption?
A good idea is to check the app’s permissions in your device’s settings. Be extra careful with apps that require the following permissions (bad apps will ask for them without a legitimate need): full network access, preventing the device from sleeping, running at startup, taking pictures and videos, knowing your location, reading text messages, modifying or deleting SD card contents, and similar.
If you are not fine with what the app/company is requiring or doing with your data, just search for some other similar app that doesn’t do what you don’t like.
After you download…
Scan the Android APK or iOS IPA
If you're planning to install an IPA or APK file you've downloaded from some non-official source, it's a good idea to run a security check. It’s easy to do using one of the online virus scanners. It’s easy to find one too – simply search Google for "scan .apk for viruses" or "scan .ipa for viruses" and you should have many options to choose from.
Usually, such tools provide a detailed report on your IPA file or APK file. But be aware that some have a file size limit, which means your IPA or APK may be too large. In this case, try another tool.
Check the app’s hash
Another way to see if you have a good APK or IPA is to check its hash. The SHA hash of a file is something like a digital fingerprint of that file. If the developers of the app you're looking for have published its SHA, you can compare that with the SHA of the APK or IPA you have. If the two match, your file is safe: it is the same file the developers published.
Again, there are apps for this on the App Store and Google Play, and a simple search on Google will give you some good options. Install that app and follow the developers’ instructions on how to check the hash of an APK file or IPA file.
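If you have a computer at hand, the same comparison can be done with a short script. The following is an added example, not part of the original article: it hashes a downloaded file and compares it with the value the developer published, accepting the common ways such values are written (upper case, colon-separated, or with a "sha256:" prefix). The function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, for the SHA variants developers usually publish.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}


def normalize_digest(published: str) -> str:
    """Drop an optional 'sha256:' style prefix and separators, lowercase the rest."""
    text = published.strip().lower()
    if ":" in text and text.split(":", 1)[0] in ALGO_BY_HEX_LEN.values():
        text = text.split(":", 1)[1]
    return "".join(ch for ch in text if ch not in " :-\t\n")


def file_digest(path: str, algo: str) -> str:
    """Hash the file in 1 MiB chunks so large APK/IPA files do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, published: str) -> bool:
    """Return True only if the file's hash equals the published one."""
    expected = normalize_digest(published)
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not a SHA-1/SHA-256/SHA-512 hex digest")
    return hmac.compare_digest(file_digest(path, algo), expected)


if __name__ == "__main__":
    # Constructed sample: a stand-in file, not a real APK.
    sample = b"constructed sample bytes standing in for an APK"
    with tempfile.NamedTemporaryFile(suffix=".apk", delete=False) as tmp:
        tmp.write(sample)
    published = "SHA256:" + hashlib.sha256(sample).hexdigest().upper()
    print("match:", verify_download(tmp.name, published))
    os.unlink(tmp.name)
```

Take the published hash from the developer's own site rather than from the page that served the download, since whoever altered a file can alter a hash printed next to it. A mismatch means the file is not the one the developer released and should not be installed.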
By using the above methods, you’ll have a greater degree of security when using apps downloaded from third-party sources. However, none of these methods is 100% bulletproof, so it's better to combine methods and use more than one.
Above all, use common sense. If something seems suspicious, it is likely a bad apple.
Hopefully, this article gives you a solid idea of how to figure out if a mobile app is safe. Good luck!