6 Ways to Check an Android App Is Safe to Download

While most apps available on the Google Play Store are security-tested and considered safe, there is still a chance that some harmful apps might slip through—especially if you download apps from third-party sources.

If you accidentally install a malicious app, it can harm your device’s security and privacy. Cybercriminals may use these apps to infect your device, steal personal data, or bombard you with annoying pop-up ads.

Experiencing any of this can be frustrating. That’s why you need to know how to check if an Android app is safe to download.

1. Verify App Authenticity

The easiest way to check if an app is safe is to use a link analyzer tool, such as VirusTotal. It scans for malware by checking suspicious files, URLs, domains, and IP addresses. Just enter the link of the application, and it will inform you if it is safe to download.

Alternatively, you can take some safety precautions and watch out for potential issues on your own. Start by checking the application size—this is usually mentioned on the download page. If the file size is unusually large or small compared to similar apps, it could be a sign of malicious activity. It might come bundled with adware or other unwanted programs, which could get installed along with the app.

Next, read user reviews to see if anyone complained about the app having malware or suspicious behavior. If more than one or two people warn that the app is a scam or contains malicious elements, pay attention. Even if the comments are vague hyperbole, like “this broke my phone,” it’s better to be safe than sorry. Moreover, be cautious of fake reviews that could be posted by the illegitimate developers themselves.

If the app has a lot of good reviews, look to see how similar these reviews are. Usually, fake reviews are short, excited comments with general statements. For instance, “The most wonderful app! I like it a lot.” They usually don’t highlight any specific features. Watch out for poor grammar, spelling mistakes, keyword-stuffing, or strange language in the app’s description, as these could be signs of a suspicious or fake app.

2. Research App Stores and Download Platforms

Google Play Store continuously checks 125 billion apps for security problems to enhance safety. It has a feature called Google Play Protect that scans apps from the store for security issues before you download them. This makes it the safest place to get Android apps, but it’s not perfect.

Google Play Protect is better at detecting known attacks than new ones, which means some attackers can find ways to get around it. So, even when using the Play Store, it’s important to be cautious and consider further factors. For example, almost all apps have privacy policies to help users know what data they collect. Sometimes, the link to the privacy policy might lead to irrelevant content instead of an actual privacy policy. Make sure you click on it and read the privacy statement if the link is legitimate.

However, it’s riskier to install apps from unknown sources, i.e. platforms other than the Google Play Store. To stay safe, use Android’s built-in security feature that stops app installation from untrusted sources.

3. Check For App Certification

Google Play Store has security features to ensure its apps are genuine. One of these features is Google Play Store Signing, which helps make sure that Android apps are authentic and trustworthy. Developers must use cryptographic keys to sign their apps, verifying that the software has not been tampered with and comes from a certified developer.

Always check for app certifications, as they show that the app meets specific security standards, has undergone inspections, and is safe. Only download Google Play Protect Certified apps, as they have passed security checks and are malware-free. The “Top Developer” certification is another reliable sign that trustworthy and reputable developers made the app.

In addition to the certification, you should look at the app’s download counts and app history, such as its release date, updates, or any reported security incidents. Malicious developers can also create fake app downloads by using bots or fake accounts to download their apps over and over. That means that even popular apps can be dangerous.

Android device users can be affected by app update spoofing too: hackers create fake copies or “updates” of popular apps to trick people. These fake apps may contain harmful software that can secretly track your online activity and collect your personal information.

4. Review the Permissions List

If an app requests device permissions that don’t make sense, be extra vigilant. You can check an app’s permissions in the Google Play Store.

Go to the app page, tap About this app, then select the See more option under the Permissions menu. In this menu, you’ll see a summary of what each permission allows the app to do.

A permission is suspicious if the app doesn’t list any feature that would need it. For example, a request to listen to the microphone would be alarming in a Solitaire game app. But it makes total sense in a video editor.

Be especially wary of apps that ask for dangerous permissions, i.e. anything that allows the app to read, receive, or write sensitive information; for instance, your location, stored files, phone calls, text messages, or audio.

Malicious developers make a profit by selling this information or holding it ransom. Once an app has your sensitive data, it can be difficult or impossible to recover your privacy. It’s better not to risk granting access in the first place.
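
The permission check described in this section, as an added example (not code from the original article): it reads an AndroidManifest.xml that has been decoded to plain XML and reports dangerous permissions that none of the app's listed features explains. The feature-to-data mapping and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Dangerous permissions grouped by the kinds of data this section names.
DANGEROUS = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "stored files": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "phone calls": {"READ_CALL_LOG", "CALL_PHONE", "READ_PHONE_STATE"},
    "text messages": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "audio": {"RECORD_AUDIO"},
}

# Hypothetical mapping: advertised feature -> data groups it plausibly needs.
FEATURE_NEEDS = {
    "voice-over recording": {"audio"},
    "import videos from gallery": {"stored files"},
}

def requested_permissions(manifest_xml):
    """Return short names of all <uses-permission> entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        if name.startswith("android.permission."):
            names.add(name.rsplit(".", 1)[1])
    return names

def unexplained_permissions(manifest_xml, listed_features):
    """Map each dangerous data group to requested permissions no listed feature explains."""
    explained = set()
    for feature in listed_features:
        explained |= FEATURE_NEEDS.get(feature, set())
    requested = requested_permissions(manifest_xml)
    findings = {}
    for group, perms in DANGEROUS.items():
        hits = sorted(perms & requested)
        if hits and group not in explained:
            findings[group] = hits
    return findings

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cards">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""
```

Called with an empty feature list (a Solitaire game), the sample flags both the microphone and SMS permissions; called with "voice-over recording" (a video editor), only the SMS permission remains unexplained.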

5. Learn About the Vendor or Developer

Research who made the app. You can find the relevant webpage by clicking the developer’s name in the Google Play Store. You could also Google the following string: “[DEV NAME] mobile apps.” Be sure to check Google’s News results. Has this developer been in the news for any scandals lately? What about the parent company?

Looking at the developer’s other apps can also give you clues. If the developer only has a small number of apps, but ridiculous download numbers, this is a red flag. If they have lots of apps, but the only clear difference is the name or icon color, that’s suspicious as well.

Honest developers won’t have clones or knock-offs of other people’s apps, either. If the developer is imitating more popular products or saying their app is a discounted version, don’t click! The real developer would simply issue a sale, not release a separate download.

6. Pay Attention to the Installation Process

Some malicious or spam apps sneak things by you through the terms and conditions. These sneaky developers know that most people will click “Accept” without reading. So they get you to consent to data mining, data sharing, pop-ups, and all kinds of other things. The solution is to read everything carefully.

If the app presents you with terms and conditions when you open it, read them. If they’re too hard to understand, try using a plain-language translator like Rewordify. If they’re still too dense, you might be better off just closing the app and uninstalling it.

Apps that want you to agree to a lot of extra stuff might be trying to steal your data. Be especially cautious if they don’t seem interested in helping you understand why they need it.

Enjoy Peace of Mind When Downloading

Your personal data is valuable, so it is worth your time to protect. Avoid installations from unverified sources, but don’t think that everything on the Google Play Store is safe. Do some extra research by reading comments on forums, articles, or reviews to learn about the app’s reputation and security.

These steps can also save you trouble with spam advertising. With just a moment or two of reading and some common sense, you can feel confident when downloading anything. But apps aren’t the only ways malicious developers can access your data. Make sure you perform regular phone maintenance, and use a good virus-scanner!
