Overview
Installing apps from untrusted sources significantly increases the risk of malware infection, data theft, and device compromise. Insecure app installation occurs when users download and install mobile applications from untrusted sources, such as unofficial app stores or third-party websites. These apps may be counterfeit versions of legitimate apps, or they could contain malware that compromises the device or user data. Insecure installation methods bypass the security checks and protections provided by official app stores like the Google Play Store or Apple App Store.
Risk factors
Insecure app installation can arise from:
- Unverified sources: Downloading apps from unofficial stores or direct links that do not enforce security verification.
- Sideloading: Manually installing APK (Android) or IPA (iOS) files from external sources, bypassing app store security measures.
- Phishing and social engineering: Users clicking on malicious links in emails, messages, or fraudulent websites, unknowingly downloading compromised apps.
- Rooted/jailbroken devices: Rooting or jailbreaking a device disables critical security protections, making it easier to install and run unauthorized applications.
Consequences
If an insecure app is installed, the following could happen:
- Malware infections: Malicious apps can steal user data, track activities, or deploy ransomware.
- Data breaches: Unauthorized apps may access sensitive credentials, banking details, or corporate data.
- Device takeover: Attackers can exploit insecure apps to gain full control over the device, disabling security features and installing additional malware.
- Repackaged malware: Cybercriminals can inject malicious code into trusted apps, deceiving users into downloading compromised versions.
Solutions and best practices
To mitigate the risks associated with insecure app installation, organizations should implement the following security measures:
- Download from trusted sources: Encourage users to only download apps from trusted sources like the Apple App Store or Google Play Store.
- Use app shielding: Application shielding can help protect the app from being repackaged and distributed via untrusted sources.
- Sideloading restrictions: Disable or restrict sideloading on devices where possible, or inform users of the risks.
- Secure app signing with whitelisted certificates: This ensures that even if the app is modified or repackaged, it can only run if signed with a whitelisted certificate. Organizations can securely manage and update the list of trusted certificates, enabling flexibility while preventing unauthorized modifications or distribution of the app.
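One way an Android app can enforce such a certificate allowlist at startup, as an added example that is not from the original page. It assumes API level 28 or later; the function names are illustrative and the digest in `ALLOWED_CERT_SHA256` is a placeholder.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import java.security.MessageDigest

// Placeholder: replace with the lowercase hex SHA-256 digest of each
// release signing certificate the organization trusts.
private val ALLOWED_CERT_SHA256 = setOf(
    "<sha256-of-release-signing-certificate>"
)

// SHA-256 of the DER-encoded certificate, as lowercase hex.
private fun sha256Hex(der: ByteArray): String =
    MessageDigest.getInstance("SHA-256").digest(der)
        .joinToString("") { "%02x".format(it) }

/**
 * Returns true only if every certificate that signed the installed APK
 * is on the allowlist. Any lookup failure counts as "not trusted".
 */
fun isSignedByAllowlistedCert(context: Context): Boolean {
    val info = try {
        context.packageManager.getPackageInfo(
            context.packageName,
            PackageManager.GET_SIGNING_CERTIFICATES
        )
    } catch (e: PackageManager.NameNotFoundException) {
        return false // fail closed
    }
    val signingInfo = info.signingInfo ?: return false

    // Certificates that signed the APK contents as installed; past
    // (rotated) certificates are not included.
    val signers = signingInfo.apkContentsSigners
    if (signers == null || signers.isEmpty()) return false

    // A repackaged build is re-signed with a different key, so its
    // digest will not match. Require all signers to be allowlisted.
    return signers.all { sha256Hex(it.toByteArray()) in ALLOWED_CERT_SHA256 }
}
```

A check that lives inside the app can itself be removed by whoever repackages it, so it is normally combined with the app shielding listed above.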