Cracked Android Apps and Games: Read This Before Downloading

Chris Hoffman 05-07-2013

cracked apps for androidThe statistics don’t lie: Most Android malware comes from outside Google Play. Downloading cracked Android apps — or any type of app — from a shady website or untrustworthy third-party app store is the way most Android devices become infected. Never mind the harm to app creators — downloading cracked Android apps and Android games is a great way to harm yourself.

Android gives you the freedom to install apps from outside Google Play, an act known as “sideloading How to Manually Install or Sideload Apps on Android Want to sideload apps on your Android phone? Installing APKs manually on Android opens up a whole new world of apps, and it's easy to do. Read More .” You may be tempted to download cracked APKs and get paid Android apps for free — but this would be a bad idea. Most Android malware arrives through these side channels, not through trustworthy app stores like Google Play.

What Android Malware Studies Tell Us

The press (and Apple) are always talking about the prevalence of Android malware and how dangerous it is to use any Android device at all. If we look at actual studies, we find that Android malware isn’t very common — as long as you stick with legitimate app stores like Google Play and the Amazon Appstore.

For example, an F-Secure study from less than a year ago found 28,398 samples of malware, but only 146 of them came from Google Play. That means 99.5% of Android malware found in the wild came from outside Google Play — likely from cracked APKs on websites and from shady third-party app stores that offer paid Android apps for free.

cracked android apps

FakeInstaller: The Most Popular Android Malware

You may think you’re home free because the app installs and appears to be working normally, but you could still be in trouble. One popular malware technique is to “wrap” the cracked Android app in malicious software. You’ll still be able to use the app, but the malicious software will also be able to run. This is clever because it encourages you to leave the app installed and let your guard down — if the app was blatantly malicious, you’d remove it immediately. If your phone seemed to have problems, you might restore it to its factory default settings and get rid of all the malware.

These days, malware is created to make money — often for organized crime. It’s easier for malware to make more money if it can trick you into believing there isn’t a problem and run under the radar.

For example, a McAfee study from less than a year ago found that Android.FakeInstaller was the most widespread malware family — over 60% of Android malware samples discovered by McAfee were from the FakeInstaller family. FakeInstaller malware pretends to be an installer for a legitimate application, but sends premium-rate SMS messages in the background to cost you money.

As Lookout security told InfoWorld back in 2011, “Repackaged applications have emerged as the de facto trend in how malware is spread in Android.”

cracked android apps

Malware Can Cost You Money

On Android 4.2 Top 12 Jelly Bean Tips For A New Google Tablet Experience Android Jelly Bean 4.2, initially shipped on the Nexus 7, provides a great new tablet experience that outshines previous versions of Android. It even impressed our resident Apple fan. If you have a Nexus 7,... Read More , Google finally added a system that prevents apps from sending SMS messages to premium-rate phone numbers in the background — but most devices out there aren’t using Android 4.2. These premium-rate SMS messages are a favorite technique of malware, as they can add charges to your bill and drain money directly from you to the malware’s creator. Sure, you could try to dispute these charges with your phone company, but they’d fight you every step of the way. That pirated version of a $2 app may start running up $10 charges on your cell phone bill.

Even if you’re using Android 4.2, you’re not completely safe. According to McAfee, the FakeInstaller malware includes a backdoor for receiving commands from a remote server, so your phone could be used as part of a botnet, your personal data could be uploaded, or the remote server could just remotely install more malware. Other types of malware can also do much more than send premium-rate SMS messsages.

Antivirus Apps Aren’t Enough Protection

Google Play scans apps that are uploaded for malware. If an app is later discovered to be malicious, Google can automatically remove it from the devices it’s been installed on. You’re giving up these protections by sideloading an APK.

Android does now offer a feature that scans apps you sideload for malware — you’ll be prompted to do so the first time you sideload an app. However, this isn’t guaranteed to catch all malware, so you can’t entirely rely on it. The same goes for Android antivirus programs, which don’t catch everything. Just as you should exercise caution and avoid downloading suspicious software How To Do Your Research Before You Download Free Software Before downloading a free program, you should be sure it's trustworthy. Determining whether a download is safe is a basic skill, but one everyone needs -- particularly on Windows. Use these tips to ensure you... Read More on your PC, even if you’re using an antivirus program, the same goes for your phone or tablet. Some studies have shown that most Android antivirus programs don’t have very good detection rates.

cracked android apps

For all the hype, Android is pretty secure as long as you avoid downloading pirated software from shady websites. Stick with legitimate sources like Google Play and the Amazon Appstore Google Play vs. Amazon Appstore: Which Is Better? The Google Play Store isn't your only option when it comes to downloading apps -- should you give the Amazon Appstore a try? Read More and you’ll be okay.

Sure, that cracked Android app you’re eying right now may be okay — but the more pirated APKs you install, the greater the odds that you’ll get infected. It’s not worth the risk.

Have you ever dealt with Android malware? If so, where did it come from? Did you pick it up after installing an app from outside Google Play? Leave a comment below and let us know if you’ve ever been infected.

Image Credit: greyweed on Flickr

Related topics: Anti-Malware, Smartphone Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Mckinley
    October 12, 2017 at 11:14 am

    anonymous help me well there is a malware/trojan in my cp called if i uninstall this virus later it keeps coming back i tried malwarebytes but keeps coming back and there is more called PUSH i tried factory reset but this PUSH is disabled so that it cant crash phone so help me.... pm me kinley zerrudo facebook if there is solution

  2. eri
    July 7, 2016 at 9:42 am

    i think i got a malware in my android after trying to install a few cracked apps
    Can anybody help telling me how to remove it. I think it is virused because the screen switches off and on many times. And when i connect it with pc it connects and disconnects continuously

    • Pentester
      November 27, 2016 at 1:59 am

      find and locate all of the portions of that cracked APK file and uninstall it that's if it broke up which I'm sure something did if it gave you a virus , if that didn't work then no doubt FACTORY hard reboot your phone which will delete every app and personal data off your phone leaving you how your phone was when first bought. ALSO never connect an infected file to your computer as this will leave the virus , Trojan , rouge still lingering around or making it spread even bigger over time

  3. Anonymous
    March 11, 2016 at 3:46 pm

    better site is: l

  4. Anonymous
    October 9, 2015 at 9:21 pm
  5. lucky
    October 12, 2013 at 2:46 am

    Regular downloading cracked apps from this popular community with no problem mobilephonetalk . com

  6. Chris
    September 20, 2013 at 12:10 pm

    Can you get your google account banned if you install pirated apps?

    • Anonymous
      July 25, 2015 at 8:09 pm

      No it cant ban you

  7. getapk
    September 18, 2013 at 9:34 am

    better site ist

  8. Akshit
    September 10, 2013 at 5:13 pm

    Ur talking about figures is fatal as u are taking one Google play in comparison to billions of sites and that's why 99% are genuine from g play
    next time compare with apkmania or and then show results
    per practise I had got 10 corrupted apps from g play while 0 from apkmania

  9. Unverified User
    September 2, 2013 at 1:16 am

    Pssshhhh! Its all about cracked apps. Look at lovely NZ. passing the vote to disregard all patents on software. SMART MOVE! :) Malware, well i you want to talk malware, lets take a look at the permissions of say, the Facebook app. It has permissions to be me basically, even when Im nowhere to be found. It can rummage through my entire phone. Including the contacts, Facebooks and personal in the phone book. It can post on my behalf, it can broadcast my location. It can intercept calls. It can use my camera and microphone. It can read all of my messages. (wtf? do I have a mean ass root kit /worm?) Facebook can even use my likeness to advertise for whatever crap that they please. And even if I dont want this behavior, I have to accept it anyway if I want to be a part of something that stupid.

    Malware cant do squat to my droid device. There are no contacts in it. No photos, Nothing that I would risk making available to just be used for damage. Remember the big boom in the 90s in regards to the internet? We had to lay commonsense guide lines down for the noobs with no common sense. People act as if the viruses or malware are the worst thing in the world. When in actuality its the legit apps that selectively target you with their ads and usage monitoring that are the most detrimental to your well being. In fact its more or a security risk to (a.) loose your wallet. Because Its got your I.D. with home address and DOB, height , and probably some credit cards, debit cards, cash, and photos of your family. My phone is just that , a phone. My droid, is just one of my toys like my PSPs. (b.) The second most dangerous thing that you can do is be as lazy as all of you fucks are and not reading the apps full permissions. And if you have read them, continue to install and use them with all of that BS they pass around your line of sight. Like the oncoming onslaught of stupidity of man, with things like, Progressives car monitoring/tracking/live GPS plugin, that they are passing off to people as a way to get cheaper rates. Dont you think for a minute that there is no instant kill switch that they or the local authorities can use to their convenience. Stopping your car if you were deemed as a threat.

    And the "smart" home? Wtf? Are you a dumb ass? Must be if you need an inanimate object to be smart. The lock, and key, and or lock, key, dog, and gun, and owner, have been a tried and true method of securing ones home with immediate results. WTF is a smart home going to do besides give the man, or should I say, men, (because you are a fool if you think that its only going to be one agency eavesdropping on your lives.) What, it can call the cops once someone has already entered, shot your wife, and made off with your belongings while the po-po are on their way? That dog would have gotten him some burglar ass, and my Mossberg would get me some neck and face of whoever is breaking in to my house. MALEWARE detected, action taken, removed.

    Bottom line is this, get a clue. Think on a wider plane than that little narrow stupid and pointless one that you have been sold into thinking is worth your money and time.

    unwanted behavior, unannounced access to the web, and possibly costing you money /by misleading you in to thinking you had to buy something to get rid of something. That sounds exactly like what the major corporations do to you everyday, all day. They pitch things to you as if you NEED them or want them. And no one but the few smart folks out there, takes a moment to step back and ask themselves, " do I really need to change phones? This one still works, and I just got it last quarter. Is the new one just a small facial lift, and a software patch to allow some new apps. MAYBE) Think about things. Relate them to others. And compare them. You will be surprised with all of the bullshit you find.

    happy trolling

    • AnitaTaco
      February 9, 2017 at 8:07 am

      You, I like.....

  10. dvn
    August 31, 2013 at 9:20 pm

    Ha, I get more Malware from the google play store than any of my favorite pirating sites. AND they tend to be evil and vile ones, like ads that pop up whenever I connect to the net, or apps that say 1.50 MB and yet they download 80 to 90 MB secretly into my sd under strange and official sounding files. Don't feed your fear mongering nonsense to people who don't know better. Downloading ANY app requires careful consideration, AND just because the app is from an official site NEVER means that it is safe to download. Every single one of my absolute favorite (and clean) apps have come from pirating sites. Understand what site you are downloading from, look at multiple sources for the app you want to download, And, the most important rule of them all, READ THE COMMENTS!!!!! We don't write this stuff for nothing, you'll have to sort out the trolls but for the most part it's dramatically simple to find a mass quantity of honest reviews by people like you. OH and yeah, googleplay allows the option of not allowing comments, NO Comments, NO Download, plain and simple.

  11. Syd
    August 23, 2013 at 6:44 am

    Not to forget that people in semi-supported countries have to struggle with idiotic Google red tape. I've been trying to buy apps legitimately for ages now. And there's always a problem. Debit cards aren't accepted, I always get pointless errors with Credit cards and now Google wants me to send my identity sensitive data over to them via email? I bloody think not. My only option now is pirating while my superior "1st world country citizens" righteously tell me how wrong it is blah blah. What do you know about the situation anyway? Have you ever given your righteous self half a thought as to what the root of the problem is? Instead of just passing around your virtuous opinion, please note that more than half the time it's not about being able to put down .99 for an app - it's about being unable to.

  12. android underground
    July 6, 2013 at 10:45 pm

    Don't forget to add F-Droid to your list of safe app stores.

    Where else are you gonna get your ad blocker now that Google kicked 'em all out of its own store?

    (speaking of ads... malware is known to hitch a ride on them too)

  13. Ian Hanford
    July 6, 2013 at 4:46 pm

    I'm not sure what this article did. I've worked in IT (tech support) for over 20 years, so am well aware of the risks of going "non-authorised" with software.

    I expected, I think, some advice about catching, and dealing with, 'sideloaded' mal-ware, however I don't seem to be able to find any.

    Please feel free to point out any _really_ useful information I obviously skimmed over...

    • shoki
      August 12, 2013 at 10:57 pm

      it's fearmongering for the pleb

  14. boss
    July 6, 2013 at 11:15 am

    Therefore I am using offical Chinese appstores. They offer all apps and games for free and malewarefree.

    • Willy Wonka
      July 6, 2013 at 11:44 am

      Do you have a link to Chinese Appstore for free Apps and Games?

    • Unverified User
      September 2, 2013 at 1:20 am

      I second that emotion

    • Unverified User
      September 2, 2013 at 4:29 pm

      Also a note to the writers, think about this for a second. You are a poor (not in all cases) script writer, in need of some sudden cash. You have written some malware ad need to distribute it to a massive amount of people. Now how do you go about doing so? On a unknown application that only reaches a small amount of people? Or a mega giants game that the player trustingly clicks a link to, or accidentally clicks a link leading them to your malscript , or malware. The well known sites are responsible for the distribution of malware on the larger scale. To a larger audience. And with all that said and done, it still falls on the user to not store sensitive data on ANY device. Did the world wake up dumb one day and forgot what a SECRET or PRIVACY is? I guess so.

      ># end-of-line

  15. Shakirah L
    July 6, 2013 at 7:17 am

    What should we do when got affected by malware?

  16. Peter
    July 5, 2013 at 10:45 pm

    Just a quick reality check. The Google Play store and Amazon have been known to pull legitimate apps at the request of wireless providers. Telling Android owners to only choose apps from these providers is like telling Apple owners they can only install apps from itunes... oh wait.

    I am frightened of malware but I'm more frightened of draconian business practices.

    • Martin Wallis
      July 6, 2013 at 11:36 am

      Agreed, the malware side is a worry but not as much as a corperation deciding what I can & can't have or do.

      My advice flys in the face of this article really, sideload away even with pirated stuff. I still do & use it as a try before you buy, if an app is good enough & proves its worth I always go buy the full version & support the developers.

      Best advice take notice of the permissions, if you don't like the look of them don't load em that goes for everything though & won't reveal any real malware.

      The definition of malware needs a review too example Jayz's Magna Carta deal with samsung, legal app, restricted but BOY the permissions it asked for just for an Album wrapped in its own player app now that in my book counts more as malware these days.