These Apps Can Steal all Your Information- Be Careful


When looking for a certain application or game on Google Play or in the App Store, it is common to check that the one that best suits our needs is paid. Most users, given this situation, either pay for the application or resign and look for another alternative, but other types of users want it and also, free!
When a user is willing to obtain a premium application completely free of charge, without assessing whether to do this is legal or not, he usually goes to one of the many repositories of unofficial apps published on the Internet, outside the reach of Google and Apple.

Many may think that such repositories or alternative stores only contain pirated applications from official stores, but the reality is not always the case. Both Google and Apple are responsible for validating if a certain app is suitable for your online store, meets minimum requirements for usability, quality, safety, etc. so that certain apps can be discarded according to their particular standards. However, these alternative repositories do not govern the principles of Google or Apple, so many apps not accepted by these companies are hosted here. And, in these stores, there are no security measures such as those that may have implemented Google Play or the App Store, which implies a greater number of apps with malware or that hide under its harmless appearance, functionalities with malicious purposes.

Both Android and iOS have restrictions enabled by default that only allow apps installed in their repositories to be installed, thus preventing users from leaving the “controlled area”. Let's say that to install apps from alternative sites, as Google says "untrustworthy", on Android it is very simple, you just have to access the settings and activate the "Apps of unknown source" right in the "Security" section. In Android 5 or earlier, the option is in «Settings> Security> Apps of unknown origin», for version 6 and later this option is in «Settings> Advanced settings> Security> Apps of unknown origin».

In iOS, things get more complicated. To be able to install an app outside the App Store it is necessary to remove the factory restrictions. This is known as jailbreak the device, becoming more insecure and unstable, since among other things the security risks are increased by being able to install applications outside the official store.

If we decided to "cross the border" and install that app that is paid in the official repositories but that is free on other Internet sites, when installing it, and ... as long as it works correctly, in addition to getting the functionalities to which was designed, we could be jeopardizing our device and our privacy.

The first aspect to keep in mind, as already stated above, is that the site from which we have downloaded the app does not have security measures as strict as Google or Apple may have, or that it simply does not have any. This aspect is important since, since there are no security controls, someone with sufficient knowledge could perform the following set of actions:

Buy the original app in one of the official stores.
Using the right tools, you could get the source code with which the app was created.
Modify said code to perform other malicious actions in addition to the originals, such as:
- Install applications without permission or show advertising so that the cybercriminal will get an economic benefit.
- Access different elements of the device such as a camera or microphone, keyboard, storage memory, etc.
- Obtain personal information from the user such as your contact list, card numbers, sent and received messages, access credentials, etc.
- Anything else you can think of ...
Compile the application again with the “previous extras” or any other and host it in one of those alternative repositories that we have commented on.
Once the application is hosted in the store, the cybercriminal just has to wait for a user in his eagerness to get a premium application for free, to install it on his device.

In addition to the possible risks to which we expose our privacy and confidential information, there are other issues to consider when installing an app with these characteristics:

Developing an application takes a lot of work and hours of effort, so if the developer considers that we must pay a certain amount to enjoy its functionalities, we should do so, and if we disagree, look for an alternative.
When installing a "pirate" app we stop receiving updates so we will not get new features or bug fixes released by the official developer.
Be cautious with the applications you download on your mobile device. Do not act compulsively and reflect on what you want to download, where and under what conditions. You will avoid security risks on your devices and that the data you store on them will escape your control.

If you are one of those who have ever tried to download apps from these alternative stores, what has been your experience? We encourage you to share it with us and give us your point of view.

No comments