The ability to sideload apps on an Android device, bypassing any curation in the Google Play Store and the apparent regularity that that app store misses malicious content in Android apps, is an constant cyber security issue for anyone using Android. Here are two recent examples:
Android apps with 45 million installs used data harvesting SDK (bleepingcomputer.com)
Malicious Android apps found masquerading as legitimate antivirus tools | TechRepublic
If you have an Android device:
- Do not be tempted to sideload apps
- Check the legitimacy of any app you install via the store
- Keep up with the news about vulnerabilities found in Android apps – and if it impacts you take the necessary steps to protect your data
The Bleeping Computer article lists the apps using the malicious SDK as part of their code – have a look and check whether one of them is installed on your phone.
The second and more worrying issue, is malicious software embedded into anti-virus software. Get your AV software from reputable companies – yes it may cost more but at least you can trust them. Here I will give you two I trust, ESET and Sophos but there are others.
Further Reading
