The unfamiliar frontier: The dangers of installing apps from unknown sources

Aiden Ramirez

Jan 17, 2023

9 min read

Understanding the importance of securing sensitive information and protecting your network from potential threats is one of the keys to cybersecurity for enterprises and personal use alike. Knowing this becomes especially important when your corporate data flows through multiple devices; either corporate-owned or employees’ personal devices. But did you know that something as simple as installing apps from unknown sources can put your entire organization at risk? Unfortunately, most companies overlook this threat. This blog will uncover the potential consequences of installing apps from unknown sources. We will also look at the steps your IT team can take to mitigate those risks.

Experience hassle free app management with Hexnode

Whom to trust and whom not

The primary trusted source for installing apps on Android devices is the Google Play Store. For iOS devices, the only trusted source for app installation is the Apple App Store. Apart from this, apps can also come from enterprise app stores, used by organizations to distribute in-house developed apps or apps specifically designed for their employees. Any source other than the ones mentioned above can be considered unknown.

Why are these sources trusted? The main reason for this is that these app stores have strict regulations for app developers. They also examine each app before they are available for download. This helps to ensure they are secure and free of any malicious code. Additionally, these stores require the apps to be digitally signed and will also have the developer information visible.

Perils to watch out for

Here are a few reasons why it’s not a good idea to install apps from unknown sources:

Security risks

Apps from unknown sources may have yet to be adequately tested for security vulnerabilities. Unfortunately, this means they might contain malware or other harmful software that could damage your device or steal your data. So, let’s take a bit deeper look into the different kinds of malware and other risks these apps might contain:

Adware: These are pieces of software that display unwanted advertisements. Users may experience significant disturbance from them, and they may even secretly gather personal data.

Spyware: Some apps may contain spyware, which can monitor your activity on your device and steal sensitive information such as passwords, credit card numbers, and social security numbers.

Phishing: Phishing is a type of cyber-attack that involves deceiving people into giving their personal or financial information by posing as a trustworthy source. Cyber criminals commonly do this through email or text messages but also through third-party app stores. Once the user installs the malicious app, it will trick the user into inputting their login credentials. It might also surveil the device for sensitive data.

Stability issues

Apps from unknown sources may not have been built with the same level of care and attention to detail as those we install from official app stores. As a result, they may be more vulnerable to causing stability issues on your device.

Compatibility: These apps may not be designed to work with your specific device, operating system, or other apps and can cause the app to crash or not function properly.

Performance: Poorly coded or optimized apps can excessively use memory and battery or slow down your device.

Error and crashes: Apps published in unknown sources are more prone to having bugs or errors that can cause them to crash or stop functioning altogether.

Interfere with other apps: These apps might conflict with other apps that are running on your device, causing them to stop working correctly or stop responding.

Lack of Support: Versions of the app downloaded from unknown sources may not be supported by the developer, and you might face issues troubleshooting the app or getting help.

Legal issues

There is a high chance of facing legal consequences when using apps installed from sources that the governing agencies do not approve.

Copyright infringement: Some apps from unknown sources may be pirated copies of paid apps or contain copyrighted content without the holder’s permission. These may result in copyright violations.

Intellectual property infringement: Some apps from unknown sources may use intellectual property such as trademarks and patents without permission. This can also lead to legal action.

Privacy violations: Some apps collect and process your personal information in ways that violate privacy laws.

Non- compliance: Some apps might not comply with the laws and regulations of specific countries and regions. Installing and using these apps can lead to legal penalties.

The ground-level perspective

We have spoken a lot about how apps installed from unknown sources can land you in big trouble. But how much of this is happening out there in the real world? According to recent studies, four companies fall victim to malware attacks every minute. Cybercriminals use apps distributed through third-party stores as a primary means to spread malware. Unfortunately, this has been common in the past few years.

In 2020, a sophisticated mobile banking malware called ‘Cerberus’ was found to be distributed through third-party app stores. This app could secretly send and steal SMS codes, including the 2FA codes from Google Authenticator, and even access credit card and contact information. In 2021, a malicious app called ‘Anubis’ was distributed through third-party app stores and was designed to steal financial information and perform other malicious actions.

You might be familiar with the famous video game Cyberpunk 2077, released in December 2020. But did you know, a ransomware was being spread as the Android version of the game on a third-party website? Once you install the app, it will encrypt all the device information. This means you have to pay the ransom or lose all your files.

The story doesn’t end here. Studies show more than 1 billion malware programs are on the internet. So, if you don’t tread the water cautiously, you can be greatly impacted.

Better safe than sorry

It’s always better to stay away from third-party app stores and web pages when looking for an application. You don’t want any nefarious software lurking through your device. However, there might be situations where you might have to go for untrusted sources to install your apps, for instance, when the app is in the beta-testing phase. It would be best if you took a few precautions to avoid danger in such cases.

The most crucial step is to check the permissions that the app seeks from you. For example, a gaming app asking permission to send SMSs and access your camera doesn’t make sense. Some apps will have long lists of permissions. It is better to go through them thoroughly before installation rather than regretting them later. If you happen to install a malware-infected app by accident, you will have to uninstall the same and do a factory reset to ensure you remove all the infected files or programs.

Are trusted sources truly trustworthy?

Around 100,000 apps are added to Google Play Store in a month. This number is even more than that of the Apple App Store, which has around 40,000 new app releases per month. These app stores have processes in place to review apps for security and quality before releasing them to the public. However, even these are not 100% foolproof. Although Google will remove them as soon as they detect any malicious content, there is a decent chance that some users will download them before that. Hence you should still exercise caution and be mindful of the app’s permissions and reviews before installing apps from unknown sources.

Fortify your app environment with Hexnode

Malicious apps can compromise your enterprise security big time. If you can provide your employees with all the apps they would require for work activities, you can avoid them installing apps from unknown sources willy-nilly. A UEM solution such as Hexnode can be beneficial in such a scenario. Hexnode’s app management capabilities let you remotely deploy and manage applications over multiple devices simultaneously.

Hexnode lets organizations deploy and install applications with zero user intervention. There are also a variety of app management policies available for managing the apps. You can either blacklist all the unwanted apps or whitelist only the necessary apps to ensure no unwanted apps are getting into the devices. You can even configure an app catalog from which the end-user can download all the required apps. This preventing the employees from installing these apps from elsewhere.

Make the most out of your apps

Not only does Hexnode help your organization stay away from cyber threats, but it also helps to improve the experience of your employees. With Hexnode, you can configure the apps in your devices with customized configurations. This means when the employee opens the app for the first time, it will be pre-configured, saving valuable time. You can set up what each app can do or have access to, even before installing them on the devices, by setting up custom app permissions. This feature not only adds another layer of security but also helps you reduce battery and memory usage.

Troubleshooting is a crucial part of app management from an IT admin’s perspective. Features such as remote view and collecting app logs make it easier for your tech pros to analyze and rectify errors. In addition, app logs provide valuable information about the state of the apps as they contain all the errors, warnings, and other events along with the respective timestamps.

Featured resource

Hexnode App Management Solution

Learn how Hexnode’s App Management solution helps businesses ensure seamless deployment, monitoring, and supervision of enterprise apps on end-user devices.

Download datasheet

Another way in which Hexnode streamlines app management is through the dynamic grouping of devices. You can set compliance rules, say a particular enterprise app must be present in the device for it to be compliant, and group all the devices that don’t follow the rules. This feature lets you automate remedial actions on all non-compliant devices. In this case, you can set up a Per App VPN policy. This policy establishes a private network for the necessary corporate apps for added security.

Hexnode contains numerous such features under the hood that can make device and app management a breeze. So what are you waiting for? Sign up today and test all the features out for free!

Aiden Ramirez

Product Evangelist @ Hexnode. Hey Ferb, I know what we're gonna do today!

Share your thoughts