Expert Comment – Google Warns Huawei Owners Against ‘Sideloading’ Its Apps

The recent warning from Google urging people to not bypass the ban on Google Apps for new Huawei phones shines a spotlight on the vulnerabilities and threats in mobile applications. Despite the ongoing political debate over the security implications of Huawei, mobile operators need to make sure that subscribers are aware of the risks associated with downloading certain mobile apps more widely.

In particular, Android phones allow users to install apps from unverified sources which are highly risky as these apps can be exploited by threat actors. Insecure interprocess communication (IPC) is a common critical vulnerability, allowing an attacker to remotely access data processed in a vulnerable mobile application. Our research also shows that 75% of Android applications have higher vulnerabilities compared to 30% of iOS applications.

Subscribers need to vet an app and trust the app developer before installing a new app. Users need to make sure they download software from verified sources only, check a developer\’s history and always check the permission settings before installing. If the developer has created other apps with suspicious names, such as “Wi-Fi booster”, “Easy Root \’\’ or “Funny Videos”, then it might not be a trustworthy one. More tech-savvy subscribers can manually switch on the option to download from untrusted sources. Having said that in a lot of cases, users will try to install an app from untrusted sources and will ignore the notification, \”you need to turn on untrusted sources”. Many people will choose to ignore this notification and allow their device to download apps from unverified sources. To keep safe its good to check reviews online of the application before installation. If you see the app was mentioned as suspicious by even one user, don’t install it.