Sure, iPhones are a lot more stable than Androids, but there is one place that Android has it all over the iPhone… you get to know what resources an app can access before you install it. This capability, coupled with comments on apps, can really help you make better decisions about what you install on your Android.
Let’s take a look at 2 different file manager programs and what resources they require.
Both file managers, and lots of other free programs, require full internet access. The main reason is that this is how the advertisements that pay for the software are delivered. If you want free apps then often you must agree to allow advertisements. The X file Manager also requires access to your SD card, your contact details and the phone state. None of these permissions are required for the Adao Team’s file manager.
The X file Manager does have capabilities that the other file manager does not have. The X file Manager lets you copy, paste and rename files, view text and image files, listen to audio and send files as attachments. The ability to send files as attachments justifies the need for access to your contact data, but what you do not know is whether the advertiser’s application that is built into the X file Manager also has access to that information. Will your contacts be spammed? I don’t know, but I do know that I can attach files to an email message without using the file manager. I would pick the app that requires less access to device resources.
Now let’s take a look at a third file manager.
The AndroApps File Manager wants to know your location as well. This is almost certainly so an advertiser can know WHERE you are. As a rule of thumb, if an app is being paid for by advertising, assume that the advertisers have access to all of the resources the application has access to.
Now let’s move on to the comments. There are only 3 comments for the X file Manager. One comment complains of the app force closing often, another comment praises the opening screen and the third comment says the main screen is annoying. The app has an overall 3.5 star rating. I see nothing compelling enough to install this app. The AndroApps file manager fares even worse, with 2 negative comments. This brings up a strange feature of the app store. The AndroApps File Manager is rated at 3.5 stars, yet the two visible comments are 1 star and 3 stars, which average out to 2 stars. Either Google is really bad at math or they are hiding comments. Now take a look at some of the comments for the Adao Team File Manager.
Overall this app is getting great reviews, but there is one caveat. The comment by Dylan says “Awesome App! Just picked up a new Apple iPad for under $60 at www.iPadStores.net.” You have to dismiss this comment because Dylan isn’t talking about the app, Dylan is a spammer for a web site that is probably not honest. When you see spam in the comments for Android apps then you should assume that the spammed website is not a safe place to visit. In some cases I have seen apps that only get 5 star ratings from spammers and have only 1 or 2 star ratings from actual users. Always filter out the spam comments and never trust what appears to be the overall rating.
Looking at both the required permissions for an app and comparable apps, as well as the comments, can help you make a better choice. The other thing you want to look at is how long the app has been around. Since the apps often don’t say, look for a history of comments. If the app is malicious, you want to give other people a chance to find out for you!
One app that I was investigating had a comment that after installing the user received SMS spam. A week or so later I went back looking for the app and Google had removed it from the app store.
Android provides tools to help you make intelligent decisions about what apps you install, but you have to use the tools.
Director of Technical Education
Author ESET Research, ESET