Time and again, we hear about Android being the worst platform in terms of security, mostly because it’s rife with malware. Apps that steal personal information and call into expensive premium numbers have purportedly proliferated even the official app repositories at one time or another. Malware is mostly widespread in third-party app marketplaces, though. One thing’s for sure: if an app does not come from Google Play or reputable sources like Amazon AppStore, then there is a higher likelihood of it being tampered with or infected.
Read also: Android malware will eat your children
Here’s one reason why you shouldn’t use pirated Android apps. It’s very easy to inject malicious code into Android app packages, which means any app out on the wild can potentially include malicious code. If you can download a cracked, free .APK of an app of an otherwise download as a paid application from Google Play, chances are it may already have been tampered with.
A post on Android App Development Ireland blog details how easy it is to inject keylogger code into SwiftKey, one of the more popular third-party Android keyboards (alongside Swype and Touchpal, among others). “Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK,” said the author, who has detailed how he was able to insert keylogger code into the Swiftkey APK, which then resulted in a keyboard replacement that sends all keylogs to the predefined server.
The method involves reverse-engineering the application package with apktool. Then the author injected the keylogger code into the source, after which the app was rebuilt and then signed. The author offers readers access to the hacked APK, which they can test. Results of the logged keystrokes are made available on this site (you can also view previously logged keystrokes from other users).
Read also: Best antivirus apps for Android 2013
Again, there’s no doubt that the more open nature of Android (relative to other platforms) makes it more susceptible to malware. Side-loading .APKs from untrusted sources adds to the risk. While there’s nothing inherently wrong about being able to side-load apps to your device, this is just a warning to be more careful with the apps you install.