Security News > 2022 > April > Google’s monthly Android updates patch numerous “get root” holes
If you go off-market, things can get much more dangerous, not least because there are many unofficial Android app stores out there where pretty much anything goes, including some app repositories that deliberately pitch themselves as a handy place to get at software that Google "Doesn't want you to have".
As an aside, you might think that no one would deliberately seek out apps that clearly wouldn't be permitted on Google Play, or that have already been rejected by Google.
These apps are almost always off-market, but the crooks portray this as a strength, not a weakness, with the apps pitched as "Exclusive" precisely because they aren't available for just anybody to download. The risks of root.
Usually, Android apps are locked down so that each app runs as if it were an entirely separate user on the device, in the same way that you might have multiple logins on your laptop to share it with your family.
Even though Google doesn't always keep malware out, the Play Store does have a vetting process that all apps have to go through, as well as a mechanism for keeping installed apps up-to-date reliably.
Which is a lot better than an unknown "Alternative" app store open to anyone to submit any app they like, including apps that have already been rejected by Google itself.
News URL
Related news
- Vanir: Open-source security patch validation for Android (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)