Security News > 2022 > April > Google’s monthly Android updates patch numerous “get root” holes
If you go off-market, things can get much more dangerous, not least because there are many unofficial Android app stores out there where pretty much anything goes, including some app repositories that deliberately pitch themselves as a handy place to get at software that Google "Doesn't want you to have".
As an aside, you might think that no one would deliberately seek out apps that clearly wouldn't be permitted on Google Play, or that have already been rejected by Google.
These apps are almost always off-market, but the crooks portray this as a strength, not a weakness, with the apps pitched as "Exclusive" precisely because they aren't available for just anybody to download. The risks of root.
Usually, Android apps are locked down so that each app runs as if it were an entirely separate user on the device, in the same way that you might have multiple logins on your laptop to share it with your family.
Even though Google doesn't always keep malware out, the Play Store does have a vetting process that all apps have to go through, as well as a mechanism for keeping installed apps up-to-date reliably.
Which is a lot better than an unknown "Alternative" app store open to anyone to submit any app they like, including apps that have already been rejected by Google itself.
News URL
Related news
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google rolls out new Find My Device network to Android devices (source)
- Google rejected 2.28 million risky Android apps from Play store in 2023 (source)
- Google now pays up to $450,000 for RCE bugs in some Android apps (source)
- Bug hunters can get up to $450,000 for an RCE in Google’s Android apps (source)