Out of the box, your Android device only allows you to install apps from a single source: the Google Play Store. To get software from anywhere else, you have to enable installation from third-party sources and accept the risks that come with it.
This leaves security-conscious Android users and developers with a dilemma. Do you accept a situation where Google is your sole supplier of apps, or do you open yourself up to content from elsewhere, along with potential threats?
It’s a decision only you can make. Here’s some background that may help.
First, What Am I Talking About?
Maybe I’m moving too fast. Here’s a quick way to get caught up. Go to Amazon and download Amazon Underground. When you click on the APK (Android Package), you will see this warning.
To do anything about this, you have to go to Settings > Security and flip the toggle next to Unknown sources. This will enable you to install apps from sources other than the Play Store.
Now you can install the APK you downloaded and gain access to Amazon Underground.
Why Do Apps Only Come from the Play Store by Default?
The easy answer is to say that this is how Google makes money off Android, which it provides as an open source operating system for manufacturers and custom ROM makers to do with what they please. Google gets 30% of the money when you buy something from the Play Store.
But there’s much more to this decision than profit motive. Pumping all software from a single, trusted source is a way to keep devices secure. Developers create apps and upload them to the Play Store. Google checks them for viruses, malware, and anything else the company would consider malicious. Then it allows that app and updates to pass through to users. Out of the box, devices can only get affected by bad apps if the code manages to bypass Google’s safeguards.
With this barrier removed, any software can run on your device. Now the responsibility is on you to make sure you don’t install anything from an unsavory source or accidentally click a link that manages to sneak something onto your system.
This situation has proven difficult for many people to grasp, and it’s what led Windows to be the security nightmare it was known to be for many years. How could users tell a good .exe from a bad one? This ultimately led to the rise of anti-virus software and a computer security industry built around protecting users from online threats. Even with Windows 10, users have to be proactive about their security.
Limiting downloads to primary app stores is part of the reason the mobile security landscape is a different story.
Why Would I Want to Get Apps Elsewhere?
Allowing software to come from sources other than Google Play has practical and philosophical benefits. Someone who doesn’t have much money to spend on apps may appreciate that Amazon allows users to get unlimited access to some software via Amazon Underground.
Others may like paying a price of their choice to get collections of games for cheap from Humble Bundle. A person who only wants to install free and open source software may prefer to download apps from F-Droid.
As long as the Unknown sources option remains unchecked, you can’t get software through any means other than the Play Store. If an app you like isn’t there or gets removed, you’re left without access. If you like Android but don’t want to tie your phone to a Google account, you too are out of luck.
If you know an update is out, but the Play Store hasn’t yet pushed it to your device, all you can do is wait. And even if you want to get software from the Play Store but have to download the APK manually to get around regional restrictions, you won’t be able to install it without enabling access to unknown sources.
Then there are the privacy implications of getting all of the software you use on your phone from a single place. Your Google account has a record of every app you’ve ever downloaded to your phone and, if you’re not new to Android, your phone before that. Your account shows how many devices you own, what they are, and what software is installed on each.
This information is also connected to the same Google account that handles your email, your Hangouts messages, your YouTube viewing history, and the physical location of your phone at all times since you’ve bought it.
If giving Google that much information leaves you feeling uncomfortable, you can limit how much data the company stores. You can also cut back on how much information your Android device shares in the first place.
Is Allowing Installation from Unknown Sources Really That Dangerous?
I would be lying if I said allowing software installation from unknown sources doesn’t open you up to extra risks — it does. Malware lurks in unofficial app stores that lack the security measures you find on Google Play.
But for the most part, dangerous apps are easy to avoid. Stick to major app stores or repositories that you know you can trust. Don’t install APKs unless you can verify where they came from. Avoid suspicious links the same way you would on a PC.
The same practices that keep you safe on your computer are important to keep in mind on your phone or tablet, especially when apps can come from anywhere.
Should You Flip That Switch?
That depends on the kind of user you are. People who know how to avoid viruses on Windows should be able to handle themselves on Android just fine. But if you or a family member have a difficult time understanding what bad software even is, then you’re probably better off leaving things as they are.
It’s the single easiest thing you can do to keep your device safe. Most apps are available on Google Play, even if they may not always be as cheap as they are elsewhere.
That said, that isn’t how I use my phone.
But that’s me — what about you? Do you install apps from unknown sources? What behavior would you recommend new users adopt? This question affects developers and users alike, so share your opinion in the comments below.