Useful information to warn users regarding unsafe apps and harmful industry practices

In order to help Android users to protect themselves against harmful apps, ESET presented its new blog, titled Android App Watch, in the framework of the Mobile World Congress 2019, celebrated in Barcelona, Spain.

The specialized blog’s main objective is to provide users with the information and knowledge they may need to make the right decisions regarding their Android devices. Besides warning users about unsafe apps and bad industry practices, it helps app developers.

“Unsafely developed apps, which place user privacy or money at risk, is an increasing problem. These apps do not count as malware and, therefore, cannot be blocked by safety measures. Likewise, the risk they present can be quite grave,” said Lukáš Štefanko, the ESET safety researcher in charge of the project.

Safety risks linked to non-malicious apps are based on app vulnerabilities or those found in their back-end servers, with unencrypted communications between the app and its server that filter confidential information and data, thus avoiding the app’s protection mechanisms by remotely executing codes or even injecting SQL.

Since safety solutions cannot block unsafe apps, users must protect themselves. The problem stems from the fact that, from the user’s point of view, it is hard to distinguish an unsafe app from a safe one. Rules don’t apply since apps are too varied to adjust to simple patterns or criteria. What experts recommend is to keep a healthy level of mistrust based on the knowledge of what goes into developing an app, business models and the general look of the Android ecosystem.