Dear Lifehacker, I remember reading about some sketchy wallpaper apps, along with other concerns about security in Android’s somewhat Wild West-style app Market. How can I keep my phone (and myself) safe from bad apps in the Market and elsewhere? Sincerely, Deliberate Droid Owner
Valid question, and one for which we can provide some guidance, if not a completely fail-proof solution. While no platform is completely immune to security flaws and overly zealous data collection (even the more carefully curated iPhone App Store has had its problems), Android’s fairly wide open Market, and the so-detailed-they’re-overwhelming permissions requests from apps, make it harder to be certain about the good nature of some apps. So let’s run through a few ways to keep yourself safe when you’re downloading apps on your Android.
Study New Apps and Their Makers
One of the most reliable litmus tests for whether an app is a goodwill gesture or serious production from a determined developer, or just cruftware, is to scroll down to the “About the developer” section after first selecting an app in the Market, then hit “View more applications”. Look through the apps this person or team has put out. Do they seem mainly like clones of each other— ringtones, wallpapers, theming packages, sports-based widgets? If it looks like the developer doesn’t have much breadth or depth in their efforts, you might not want to jump in, even at the cost of free. You won’t necessarily get hit with spyware or viruses, but you’ll likely find pop-up requests, a tricky definition of “free” and other disappointments.
You don’t need to drill down on every specific permission and what it means. Those can be misleading, anyways — the infamous “wallpaper apps” you mentioned above needed access to “phone calls”, but actually sent back unique phone identification numbers to the developer’s China-based servers. The lesson isn’t: “Trust no one”, but you do want to think about the scale of your app needs. If a tool that supposedly helps share web pages to Delicious says it needs access to your GPS location, question why it might do so, and compare it against other apps that offer to serve the same purpose.
Obvious but Rare: Email the Developer
If you like the promise of a certain app, but you’re not quite sure why it needs certain overreaching permissions, or how it ties into your phone’s data, there’s a link on the Market page for each app that allows for emailing the developer, if an email address is provided. If there’s no email address or no response after a fair waiting period, then the app is likely not worth the risk. The reward, though, can be great: feedback to a developer who might desperately need specifics, assurance that a real human is out to make a great product, and, potentially, a freebie download of a paid app for your help.
Install a Download-Checking Security App
We hope that combination of applied suspicion and helpful free(-ish) apps gives you a little more confidence in the Android app sphere, Deliberate. Fully warned, go forth and make your phone as Kanye Sailor Moon Viking SFX as your heart desires.
P.S. We’re open to any additional Android security best practices in the comments, of course!