Are App Stores Really Safe? How Smartphone Malware Is Filtered Out

Justin Pot 29-04-2015

Do you have malware on your phone? Unless you’ve rooted or jailbroken your device, the answer is probably no. Smartphone viruses are real Smartphone Viruses Are Real: How To Stay Protected Read More , but app stores do a pretty good job of filtering them out.


Of course, no process is perfect. Stuff has gotten through, which we’ll get to.

But assuming you stick to your phone’s official software store – the App Store for iOS and Google Play on Android – the odds of infection are extremely low, thanks to approval processes on both platforms. Let’s talk about how these systems work, what kinds of malware have gotten through, and how you can protect yourself.

How Do The Filters Work?


As of spring 2015, both major mobile platforms review software before adding it to their app stores. For one platform, this is a recent change.

Google’s Android Market (now Google Play) was once famously open, meaning apps of all sort were put into the store without a lot of oversight. Problems like malware were caught by users – Google would take down apps when problems were reported. A software malware filter was eventually added, which scanned all submissions for known infections.


Sometime in late 2014 Google went even further, employing someone to look over every app.

approval process

Human reviewers (not kittens) manually review every app that goes into the store. Google’s approval for apps tends to be fast – usually a couple of hours, sometimes a few days.

Apple’s not so speedy – apps sometimes take a week to get through the App Store approval process. Human reviewers have gone through every app since the Store launched, meaning developers have to wait a long time after submitting their app before it shows up in the store. Software with malware is usually rejected (along with a lot of other apps 8 Ridiculous & Inconsistent Apple App Store Guidelines [Opinion] Here’s a radical opinion - you should be able to run any apps you like on the devices you own. Apple doesn’t agree, and it’s twisted itself into pretzels creating arbitrary rules for what app... Read More ).


Say what you will about how long this process takes – and many have said plenty – but the result is that very few of the millions of apps in the App Store have ever featured malware.

Both systems mean that the software you install using the official stores on your phone were reviewed, by some combination of software malware filters and human reviewers. The odds of something nasty getting through all that is low, but not impossible: some things have gotten through on both platforms.

Examples of Malware Getting Through

Contrary to popular belief, iPhones can get malware Smartphone Security: Can iPhones Get Malware? Malware affecting "thousands" of iPhones can steal App Store credentials, but the majority of iOS users are perfectly safe – so what's the deal with iOS and rogue software? Read More , mostly if they’re jailbroken. But it’s been proven, in theory, that malware could slip through Apple’s famously strict filtering process. A research team at Georgia Tech managed to sneak some malware into an app, and Apple’s process did not catch it. Being researchers, they pulled the app themselves – a courtesy actual scammers probably wouldn’t bother with.



Actual adware has gotten through Google Play’s process. Earlier this year Durak, a fairly popular card game, was found to include malware. This would stay dormant for a while – likely the reason it wasn’t caught – before showing popup ads for third party app stores. (Presumably, if you installed these third party app stores, you’d end up with even more problems).

Google has since removed Durak from Play, but it’s possible similar apps could slip through in the future. If you’re suspicious, follow our steps to find out if your Android device has malware Has Your Android Phone Been Infected with Malware? How does malware get on an Android device? After all, most users only install apps through the Play Store, and Google keeps a tight watch over that to make sure malware doesn't squeeze through, right?... Read More .

Don’t Panic, But Stay Vigilant

It’s worth noting that, in both these cases, the apps were eventually found and removed from their respective stores. In this way, users serve as a second approval process: discovering and reporting malware, which gives Apple and Google a chance to remove the offending apps.

This means that, if you want to avoid such malware, the following steps will go a long way:

  • Stick to software found in the official app stores: Google Play on Android and the App Store on iOS.
  • Avoid apps with very few reviews, or that were added to the app store only recently, unless you really trust the company that makes it.
  • Google apps you’re not sure about, to find third-party reviews from sites you trust.

Malware Outside App Stores

While official app store infections are possible, they shouldn’t be the main concern for mobile users. Most Android malware, for example, comes from third-party app stores (i.e., not Google Play) or pirated software from shady sites (read this before downloading cracked Android apps Cracked Android Apps and Games: Read This Before Downloading The statistics don't lie: Most Android malware comes from outside Google Play. Downloading cracked apps -- or any type of app -- from a shady website or untrustworthy third-party app store is the way most... Read More ).

Computer health

But malware doesn’t have to come from apps at all. Wirelurker, for example, infects iOS devices via OS X, over USB – and it works regardless of whether your iOS device is jailbroken. To quote Palo Alto Networks, a security firm:

WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken.

So, part of keeping your mobile devices free from infection is keeping your desktop devices clean – and even Mac users need to be vigilant. Here’s how to tell if your Mac has malware 3 Signs Your Mac Is Infected With a Virus (And How to Check) If your Mac is acting weird, it could be infected with a virus. How can you check for a virus on your Mac? We'll show you. Read More .

Don’t Panic

I’m not a big fan of the walled-garden approach to application distribution, but I have to admit: malware is a pretty strong argument for this approach. But I’m sure you all have opinions, so let me know what you think in the comments below (even if it’s that I’m a horrible wrong person, who is wrong).

Related topics: Google Play, Smartphone Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Andre
    January 10, 2017 at 8:26 pm

    I have a android phone and i bluetooth my pictures and music to my An1 android smartwatch cause i dont have internet threw t- mobile but now my sd card saying i dont have it in my smartwatch so what do i do

  2. Brian
    September 6, 2016 at 11:30 am

    Hello I was wondering about survey apps like ones in games that offer gems diamonds of such that want access to the store like Google play then down loading and following what they said to get your prized package? I see all day long these survey apps but most noticeably that one as sets in a worry as perhaps am missing on a offer?. The thought is once in the store while your downloading from their link they get paid off Google or apple for the link but my other idea is to obtain your email address your PayPal and well probably same time check apps you've bought cause they'll pretend to be squeaky clean for awhile well you know heaps of information it's why I noted it as untrustworthy? Perhaps I should make a fake email address and link devices with the app log in on a old phone and do it that way but still its better in words then ruining a device thinking it could do it like that lol