How safe is sideloading APKs?
As Android users, most of us have the ability to sideload apps directly onto our smartphones and tablets – no app store needed! People who use other operating systems on their mobile devices aren’t always so lucky. To load apps on their devices from sources other than those officially sanctioned by the company that makes their phone, many have to go through a jailbreaking or unlocking process. While not necessarily a “bad” thing, jailbreaking brings with it many other implications that reach significantly deeper than simply installing an app. Most Android-powered devices provide the opportunity to simply “sideload” an APK directly to the device.
What’s an APK?
Apps for any platform are comprised of more than just one file. They depend on the main executable, plus libraries and resource files, to name a few. Android apps are no different and come packaged in a format called an Application Package File (or “APK”, for short). This file format is used to distribute apps in a single, bundled file.
APKs combine all the necessary files in a compressed ZIP format and have the file extension of .apk.
What is sideloading?
Most of the time apps are going to come pre-loaded on your device, or you’ll download them from the Google Play Store or Amazon Appstore. App stores have the advantage of holding and organizing thousands upon thousands of apps. Apps distributed through these stores may be scanned for malicious code prior to being published, can push updates to the apps distributed through them, and can even recall apps from your device in the future, just in case something unsafe slipped through.
Since the majority of devices come pre-configured to use one of the major app stores, the ability to sideload apps is usually disabled by default. This is a security consideration, since installing software from unknown sources carries with it significantly more risk than installing an app through a trusted app store.
If you’re willing to take the risk, simply head to your Settings, then Security, and enable installation of apps from sources other than your app store. Modern versions of Android have a second layer of protection built-in, allowing Google to check all your installed apps for what it deems “harmful behavior”. The checkbox to enable this feature is usually immediately below the “Unknown sources” checkbox, and is worth your while to have enabled.
How can you stay safe?
Installing an APK from a source other than a trusted app store is a risk, there’s no simpler way to put it. Since APKs are just a collection of files ZIPped together in a special format, it is entirely possible for someone to repackage an app with malicious code included.
Let’s say you want the latest version of Google Maps on your device, but for some reason it’s not yet available where you live. Some websites offer not only a link to the Play Store (where the app will probably show up for you – eventually) and another link to a download service, from which you can download the APK for sideloading. That APK could have had malicious code injected into it, sitting in wait for you to install onto your device. You trust Google and the Google Maps app, so what could go wrong? Most users don’t stop to consider that apps distributed through unofficial sources could have been tampered with, regardless of how much you may trust the original author.
To reduce this risk, avoid “shady” apps and APKs distributed through unofficial channels. There’s no such thing as a free lunch, and an app or app store that seems too good to be true probably is. Sites that imply illegal, immoral, or unethical things should also be avoided — not because of the type of activity they allegedly enable, but because the “bad guys” often prey on the type of user that installs software from this type of source.
Your best bet is to stick with apps distributed through an app store, or directly from the author’s site (if they’ve made that available to you). If that’s not an option for you, here are some third-party app stores that you can try:
Regardless of which route you decide to pick – or even if you decide not to sideload apps at all – keeping what we’ve talked about here in mind will help mitigate the risk while letting you exercise the freedom and flexibility that Android is famous for.