The Android ecosystem is known for its exposure to security risks due to sideloaded apps. iOS users may soon find themselves in the same boat if Apple complies with the EU’s new Digital Markets Act.
Sideloading refers to the practice of installing applications from sources other than the official app stores such as the Google Play Store or the Apple App Store. While sideloading can offer access to a broader range of apps and services, it introduces many security risks. Here’s a list of risks commonly associated with sideloading.
The biggest issue associated with sideloading is unknowingly installing malware on your device by your own hand. Sideloaded apps don't go through the same rigorous security checks as the apps distributed through official app stores. Therefore malicious actors may distribute harmful software that can carry out malicious activities.
In 2021, Bitdefender researchers discovered a batch of malicious Android applications distributed via third-party venues that impersonated popular brands. We uncovered that the threat actors were distributing the TeaBot and Flubot banking Trojans to carry out overlay attacks via Android Accessibility Services. The malicious campaign had been designed to intercept messages, steal Google Authentication codes, and even take full control of Android devices.
Sideloading apps can sometimes cause compatibility issues with your device's operating system, leading to crashes, performance problems, or system instability. Your vendor may decide that this scenario is grounds for voiding your warranty. But if your fingers are itchy, you can use an older device you don’t rely on for personal affairs, work, or finances.
Sideloaded apps may request excessive permissions or access to sensitive data on your device without appropriate oversight. This can lead to unauthorized access to your personal information, including photos, contacts and location data.
Official app stores don’t just scrutinize apps for security or privacy risks; a thorough review process also ensures that apps work as advertised before listing. Sideloading bypasses this review, increasing the likelihood that you’ll deploy a harmful or poorly designed app on your device.
Pirated versions of expensive apps or games are not unheard of in the mobile world, especially in the Android ecosystem. Not only is software piracy illegal, it can also expose you to security or privacy risks. Apps downloaded from unofficial sources could be modified to include malicious code. This can result in unauthorized access, data theft, or unwanted activities on your device.
Developers who sell their software outside the official venues may not be so diligent in responding to security or privacy concerns. This means your security updates may arrive late, or never. Plus, for sideloaded apps, you sometimes have to manually check for updates, which shouldn’t be the case in 2023.
While bad actors have been known to sneak malware past app reviews and into the official app stores, the chances of this happening are far slimmer than by downloading apps from outside the official stores. On iOS, threat actors have an even smaller window of opportunity, as Apple keeps a tight grip on the way apps are developed and distributed for use on iDevices.. Come 2024, the iPhone maker may be legally forced to open the floodgates to app sideloading, meaning iOS users will face similar threats.
You can also read this article for a look at the specific risks posed by sideloading to iPhone users.
Sideloading may sound appealing if you crave certain liberties or rogue practices. But remember that sideloading is a primary vector for malware ending up on our phones. If you sideload apps anyway, at least check whether the source is trusted and be cautious of apps that request excessive permissions or seem suspicious in any way. And use a reliable antivirus app to scan sideloaded apps to detect potential threats.
To make sure you’re protected from all cyber threats, including malware, phishing, identity theft, fraud, etc., consider using a dedicated security solution on your mobile.
Stay safe!
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024