Android Security

Is It Safe to Install Android Apps from Unknown Sources?

Bertel King 09-02-2016

Out of the box, your Android device only allows you to install apps from a single source: the Google Play Store. To get software from anywhere else, you have to enable installation from third-party sources and accept the risks that come with it.


This leaves security-conscious Android users and developers with a dilemma. Do you accept a situation where Google is your sole supplier of apps, or do you open yourself up to content from elsewhere, along with potential threats?

It’s a decision only you can make. Here’s some background that may help.

First, What Am I Talking About?

Maybe I’m moving too fast. Here’s a quick way to get caught up.  Go to Amazon and download Amazon Underground. When you click on the APK (Android Package), you will see this warning.


To do anything about this, you have to go to Settings > Security and flip the toggle next to Unknown sources. This will enable you to install apps from sources other than the Play Store.



Now you can install the APK you downloaded and gain access to Amazon Underground.

Why Do Apps Only Come from the Play Store by Default?

The easy answer is to say that this is how Google makes money off Android, which it provides as an open source operating system for manufacturers and custom ROM makers What Is Rooting? What Are Custom ROMs? Learn Android Lingo Ever had a question about your Android device, but the answer had a bunch of words in it that you didn't understand? Let us break down the confusing Android lingo for you. Read More to do with what they please. Google gets 30% of the money when you buy something from the Play Store.

But there’s much more to this decision than profit motive. Pumping all software from a single, trusted source is a way to keep devices secure. Developers create apps and upload them to the Play Store. Google checks them for viruses, malware, and anything else the company would consider malicious. Then it allows that app and updates to pass through to users. Out of the box, devices can only get affected by bad apps if the code manages to bypass Google’s safeguards Are App Stores Really Safe? How Smartphone Malware Is Filtered Out Unless you've rooted or jailbroken, you probably don't have malware on your phone. Smartphone viruses are real, but app stores do a good job of filtering them out. How do they do this? Read More .


With this barrier removed, any software can run on your device. Now the responsibility is on you to make sure you don’t install anything from an unsavory source or accidentally click a link that manages to sneak something onto your system.


This situation has proven difficult for many people to grasp, and it’s what led Windows to be the security nightmare it was known to be for many years. How could users tell a good .exe from a bad one? This ultimately led to the rise of anti-virus software and a computer security industry built around protecting users from online threats. Even with Windows 10, users have to be proactive about their security The Best Antivirus Software for Windows 10 Want to tighten security on your PC? Here are the best antivirus software options for Windows 10. Read More .

Limiting downloads to primary app stores is part of the reason the mobile security landscape is a different story.


Why Would I Want to Get Apps Elsewhere?

Allowing software to come from sources other than Google Play has practical and philosophical benefits. Someone who doesn’t have much money to spend on apps may appreciate that Amazon allows users to get unlimited access to some software via Amazon Underground.

Others may like paying a price of their choice to get collections of games for cheap from Humble Bundle Humble Mobile Bundle 4 Is Packed With Discounted Android Games While it usually favours games on PC, the Humble Mobile Bundle is all about smartphones and tablets. The latest targets Android exclusively and gives you six top titles for a pay-what-you-want price. Read More . A person who only wants to install free and open source software may prefer to download apps from F-Droid Want to Rid Yourself of the Android Play Store? Kiss Google Goodbye and Try F-Droid Did you know that Android allows the installation of app stores other than the Play Store? You might already use apps from the Amazon Appstore and GetJar—but you probably never heard that a completely free,... Read More .


As long as the Unknown sources option remains unchecked, you can’t get software through any means other than the Play Store. If an app you like isn’t there or gets removed, you’re left without access. If you like Android but don’t want to tie your phone to a Google account, you too are out of luck.


If you know an update is out, but the Play Store hasn’t yet pushed it to your device, all you can do is wait. And even if you want to get software from the Play Store but have to download the APK manually to get around regional restrictions How to Download an APK from Google Play to Bypass Restrictions Need to get your hands on the installable APK file for an app from Google Play? We got you covered. Read More , you won’t be able to install it without enabling access to unknown sources.

Then there are the privacy implications of getting all of the software you use on your phone from a single place. Your Google account has a record of every app you’ve ever downloaded to your phone and, if you’re not new to Android, your phone before that. Your account shows how many devices you own, what they are, and what software is installed on each.

This information is also connected to the same Google account that handles your email, your Hangouts messages, your YouTube viewing history, and the physical location of your phone at all times since you’ve bought it See Where You've Been with Google Maps' New Timeline Feature Google can see everywhere you've ever been. Creepy or awesome? Read More .

If giving Google that much information leaves you feeling uncomfortable, you can limit how much data the company stores What Does Google Know About You? Find Out and Manage Your Privacy and Security For the first time, search giant Google is offering a way for you to check the information it has about you, how it is gathering that data, and new tools to start reclaiming your privacy. Read More . You can also cut back on how much information your Android device shares Android Users: How to Stop Giving so Much Personal Information to Google Android users, by default, give Google a lot of information. Here's how to get out of that trap. Read More in the first place.

Is Allowing Installation from Unknown Sources Really That Dangerous?

I would be lying if I said allowing software installation from unknown sources doesn’t open you up to extra risks — it does Malware on Android: The 5 Types You Really Need to Know About Malware can affect mobile as well as desktop devices. But don't be afraid: a bit of knowledge and the right precautions can protect you from threats like ransomware and sextortion scams. Read More . Malware lurks in unofficial app stores that lack the security measures you find on Google Play.

But for the most part, dangerous apps are easy to avoid. Stick to major app stores or repositories that you know you can trust. Don’t install APKs unless you can verify where they came from. Avoid suspicious links the same way you would on a PC.

The same practices that keep you safe on your computer are important to keep in mind on your phone or tablet, especially when apps can come from anywhere.

Should You Flip That Switch?

That depends on the kind of user you are. People who know how to avoid viruses on Windows should be able to handle themselves on Android just fine. But if you or a family member have a difficult time understanding what bad software even is, then you’re probably better off leaving things as they are.

It’s the single easiest thing you can do to keep your device safe. Most apps are available on Google Play, even if they may not always be as cheap as they are elsewhere.

That said, that isn’t how I use my phone How to Use Android Without Google: Everything You Need to Know Want to use Android without Google? No Google, no problem. Here's a guide to going Google-free on your Android device to regain privacy. Read More .

But that’s me — what about you? Do you install apps from unknown sources? What behavior would you recommend new users adopt? This question affects developers and users alike, so share your opinion in the comments below.

Related topics: Amazon, Google Play.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. JOHN
    December 29, 2016 at 2:16 am

    If unknown sources are really good sources like Amazon underground. I dont see a problem taking advantage of that source. Some complain that Amazon should just push all its stuff through Google Play like Amazon Video but I see the reasons for Amazon which sells its own tablets. I myself am not a Google play user but am A Amazon Prime member. So I like gaining access to Amazon Underground.

  2. Max
    June 26, 2016 at 9:25 am

    Just want to notice that I have bought some Android games via Humble Bundle... and some of said games (well appreciated games worldwide) actually contained a advertising malware which made a bottom-right pop-up box (ironically showing ads for Play Store).

    The thing is that Humble Bundle doesn't scan or check any games it release through it sales and especially not those for iOS and Android. Whenever someone report to them such thing as a malware within an Android or iOS game they are "hosting", they reply by specifying that all those who "buy a game" on Humble Bundle are purely responsible for any effect caused by the products. They take no action to fix any problem related to the security of their selection of software.

  3. Anonymous
    February 10, 2016 at 7:10 am

    This one (of many) things I dislike about Google. It can't be that hard to allow users a whitelist of trusred sources. But Google chooses the crude 'all or none' approach - then it scares people about malware potential.

  4. Anonymous
    February 9, 2016 at 3:32 pm

    It might be noted that for FireOS or AOSP (Android Open Source Project) devices, the Google Play Store is an Unknown Source. For those devices, Play Store apps might work inconsistently because they are missing parts of the Google Play Framework, but being able to install software from multiple trustworthy sources is still a strength of Android as a platform.

    It's also useful to mention that some useful apps are not published on any third-party stores and it is entirely possible that someone will need to download software directly from a developer. Firefox isn't on Amazon's app store at all, for example. In that case, the most expedient fix is to visit Mozilla's FTP site and download it directly.

    It's also useful to know about software like APK Share, which makes it possible to repackage an app installed on an Android device so that it can be copied to another. This is ALSO an unknown source, but it might be necessary in order to transfer an old version of a useful app that is no longer on an official app store (e.g. Beyondpod, ES File Explorer) or because the official app store doesn't carry the app you need.

    As for app stores I trust: Google, Amazon, Fdroid (all open-source projects; mainly for tiny utilities that only have ad-laden variants on Google) and the Humble Bundle. If I could white list just those stores, I'd be completely happy.

    • Bertel King
      February 9, 2016 at 6:58 pm

      This is all great information.

      And I agree. I would love the option to white list a few alternative app stores while blocking all other unknown sources. That would be great.

    • Anonymous
      February 10, 2016 at 1:52 pm

      For once, we agree on something. Amazon's Underground store is a godsend for *really* free apps (no microtransactions!)

      • Anonymous
        February 10, 2016 at 2:12 pm

        @Howard Blair,
        I'm glad you have a correct opinion for once, Howard. :)