Love this app, makes it really easy to keep non-store apps up to date by linking directly to the apps GitHub repo for example.
Obviously you have to be careful what you install, just as with any app not found in Play Store, but if you're getting your apps elsewhere anyway this is really convenient.
I would recommend caution with apps from the store too. Not only are many predatory practices not disallowed, outright malware can and does slip through review. The advice is the same as ever when it comes to computers: don't run programs you don't trust, and set your bar of trust high.
it's worse than that imo. People claim the web is dangerous because it runs untrusted code but apps do the same with auto updates from stores and that the majority of apps are just webviews running code from the net but without the same level of sandboxing as a browser
We hear enough story how Google removes legit app without reason, using automated process, to know that there is at least as much malicious app that goes through being undetected.
Alright, well I don't think I personally know anyone who has ended up with malware on their phone. I'm sure it could be better but it seems alright. I'm not gonna advise everyone I know to stress out about it by trying to have a high bar of trust and evaluate every app they wanna try only to have the exact same result they've had for years.
The advice is absolutely not the same as it's always been - it would be weird if the advice from the early aughts, when it was common to be affected by malware or viruses, was the same as the advice now when it's rare.
It's not just the outright malware. It's the McDonalds app that sends them a few notifications per day reminding them that they have One Free McFlurry Waiting!, or 5 ad-ridden games they downloaded to play once and now litter their 5th and 6th homescreen, one of which got them to agree to background location tracking. It's the SuperCoolEmojiKeyboard they installed one time 2 years ago because they couldn't figure out how to send a hotdog emoji, and has been keylogging them ever since.
People treat installing apps like a casual activity that involves no real thought or consideration. They've been trained to do so. The mental model needs to change: installing software is granting it some measure of ground on your device, and should only be done in cases where you have good reason to trust the developers. For everything else, that's what we have websites for.
Nevermind that being downloaded a million times doesn't mean by a million people, as scammers download their own app to boost numbers -- a million is what, 1 in a few thousand smartphone users?
I'd love it to be zero but the amount of vigilance warranted has gotta be a lot less than it was in the past unless there's some argument that magnitude of harm has gone up by a massive amount while probability has gone down by the same amount. Which, idunno, maybe that argument can be made actually.
Also I guess 2001 felt unsafe to visit trusted websites, so the advice upthread was already a bit lessened.
> Nevermind that being downloaded a million times doesn't mean by a million people, as scammers download their own app to boost numbers -- a million is what, 1 in a few thousand smartphone users?
Isn't this cause for people to be more vigilant? You can't even trust apps that are vouched for by large numbers of users (with these large numbers being not mere claims on a shady website, but statistics officially certified by the authority of the app store).
But 2 million downloads among 35 apps is nothing when it comes to evaluating your personal risk. There's like 50,000 times that many apps downloaded every year. The point is the odds of you installing this app are very low. And if those numbers are half fraudulent then the odds are half of that already very small number.
That's one incident among many. Don't judge the situation by a singular incident. Google's move to realtime scanning of apps upon install is not because there is no risk.
> I don't think I personally know anyone who has ended up with malware on their phone
That's... kind of the point when distributing malware? Not only has the game changed as to what actually happens, but malware is only valuable as long as it's installed - meaning getting noticed is pretty well the worst-case scenario for the attacker.
The main point though is malware is no longer stealing credit card numbers. It's not 15 ad-laden toolbars in browsers, or pop-unders and overs, or in-your-face obvious. A subtle miner over half a million users is a decent chunk of shitcoin to mine, and efficiency doesn't matter when it's not your hardware, or your power.
> Obviously you have to be careful what you install, just as with any app not found in Play Store, but if you're getting your apps elsewhere anyway this is really convenient.
Its still a lot more dangerous than the Play store, and I assume a good threat actor can go undetected, but the Play Protect even scans apps that are installed from outside the store.
Obviously you have to be careful what you install, just as with any app not found in Play Store, but if you're getting your apps elsewhere anyway this is really convenient.