Published: November 10, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
It’s well known that sideloading apps is a risky proposition. Just ask the 20 million Aptoide users who recently learned their personally identifiable information (PII) was posted online by a hacker. Aptoide, a popular third-party app “discovery platform” for Android devices, had its database hacked earlier this month. The cybercriminal behind the hack claims that in addition to the 20 million exposed data files, there are an additional 19 million files in their possession. Whether that’s true or not remains a mystery for now, but the Aptoide incident shows (in a huge way) why app sideloading is risky at best and is not recommended by security professionals.
Sideloading occurs when a user downloads an app from some location other than the official Google Play and Apple App stores, or whatever the official store is for your device. These apps haven’t been authorized or approved by the official app stores and may not have been scanned for malware and other flaws before being sold. Sideloading, according to one security expert, is like driving without insurance.
According to Aptoide, out of its customer database of 150 million users, just the login email addresses and encrypted passwords of 20 million of them were stolen. However, reporting by ZDNet finds that users’ real names, dates of birth, and device information are also up for grabs. Remember, any hijacked PII helps a bad actor commit identity theft and other fraudulent crimes.
Aptoide is considered by fans to be a well-established third-party app store. Since opening in 2011, Aptoide says it now offers one million apps to its 150 million customers and has over 7 billion downloads to date. App fans flock to third-party stores like Aptoide because the platform offers global and otherwise hard-to-find apps not available in the official stores. Aptoide also gives its fans their own self-managed app store. The company says it doesn’t provide the actual apps, but rather tells users where in the world the apps can be sideloaded from.
With sideloading, the risk isn’t limited to data theft. Sideloaded apps are also notorious for carrying malware that spreads to a device during download. Getting apps from the official stores ensures they are checked for malware before being made publicly available, something unofficial stores don’t guarantee. And if you get a new device, don’t “jailbreak” it. That process ultimately leaves some of the device’s security highly compromised. Remember to research apps. Read reviews and be as sure as possible that apps are not riddled with malware before putting them on your devices.
What sideloading comes down to is weighing a user’s desire or need for an unauthorized app against the level of risk associated with the download. Staying app-safe is always recommended by security experts, who urge users not to sideload and instead to stick with the official app stores and the apps they can trust.