As competitors will be quick to point out, some (certainly not all) apps for Android are potentially malicious. However, following a few simple rules will allow you to avoid many risks.
You got it from the Play Store
Unlike Apple, Google doesn’t approve applications manually. The apps are scanned for malware in the Play Store instead. Looking through reviews, permissions, and reputations of desired apps can also provide useful information. Should you discover after downloading that an app from Google Play is malicious, you can remove it from your phone or tablet remotely. To circumvent this protection, attackers go outside of the store to distribute their malignant apps.
Reputation, reviews, and installs
Just like with desktop applications, evaluating app’s integrity is important if you’re planning to allow it to access your system. When using Android, this will mean combing through information such as a number of installs and user reviews. For instance, an app with only 50 installs and mostly negative reviews is most likely unsafe and should be avoided.
Now, an app boasting four and five-star customer reviews along with millions of installs can be comfortably considered trustworthy. Obviously there are exceptions to this rule, as the sneakier apps can manage to dupe their way into huge install numbers and positive customer reviews.
Also consider the developer’s reputation. Apps created by Google are generally safer than those created by an unknown provider. Additionally, apps provided by a familiar organization, such as your bank, are presumably safer than unknown developers you’ve never heard of.
App’s permissions will have to be considered as well. Small apps requiring zero permission can be presumed safe. Even if the app has ulterior motives, it doesn’t have enough access to set them into motion. But, if that same little app wants access to sensitive information like messages, contacts, location, or accounts, more suspicion is warranted.
Outside the Play Store
Android generously allows users to grab apps that are outside the realm of the Play Store as well. While this process affords flexibility and freedom, it also presents added risks. As with personal computers, you’re free to install software offered by anyone on the web, but people can use this to sneak in and distribute their malware. If you’re downloading from a sketchy website, be aware that it’s probably smuggling malware into your system.
Android has helpfully begun offering to scan your outer realm apps, but, similar to any other antivirus program, it’s not failsafe. So again, consider it a red flag when apps aren’t available from the store and only continue installation if absolutely necessary. For added protection, enable the setting to verify applications, so that Android will regularly patrol for dangerous apps. If it does flag an app, you’ll have to uninstall it immediately.
The permissions make little sense
As mentioned before, one more thing to watch out for is an unreasonable amount of permissions. When a flashlight application wants to access your address book, location, and the internet, be on your guard. The app may be looking to share your address book and location with advertisers. Additionally, if the app wants unnecessary permission to send messages, its goal may be to message high-rate numbers, which will cost you when your next bill comes.
Permissions are not as easily regulated in Android as they are with iOS. Applications often prompt you for excessive permissions, and they aren’t easily disallowed. While it is normal to happen upon applications requiring unwarranted permissions, it could be due to the ulterior motives of boosting ad networks.
Be critical of the permissions when you install applications. If an untrustworthy app seeks needless permissions, you can assume it is going to abuse its privileges. Apps may also prompt you for additional permissions upon updating. However, these will have to be agreed to manually.
There isn’t a foolproof method for avoiding malicious content, no matter what software you use. However, as outlined above, there are steps you can take to greatly reduce the risk. Download directly from the Google Play Store whenever possible and pay close attention to all available information, including reviews, developer’s reputation, number of installs, and reasonability of the requested permissions.