Everybody likes to have the latest and greatest on their devices and
that typically means that you are downloading and installing a lot of
extra goodies on your device. It is becoming increasingly common to
have unwanted things delivered with whatever you are trying to install
on your device. To be absolutely safe, you shouldn’t download anything
that doesn’t come directly from your OEM and even that is no guarantee
that extra “unwanted” stuff won’t end up on your device. These extra
things may compromise your privacy or they may just bomb you with
adware. Either way, here is a short guide to help you avoid installing
malware.
1. Stay away from warez.
If someone is going to crack an app to save a little money, they probably can’t be trusted not to add a little extra code designed to line their own pockets. The more warez on a website, the more you should worry about your download. The Google and Amazon app stores really care about their reputations, so they typically go to some effort to remove malware as soon as they find it. The same goes for xda, but you should still expect some malware to sneak through. The problem is much worse with the alternative app stores that don’t care as much about their user base.
2. Pay close attention to what is being downloaded.
Check the name and the extension of what you downloaded. If they are wrong, then it is probably something you don’t want to install.
An increasing number of file hosts are trying to “trick” users into downloading Windows or Mac installers that typically deliver adware to your computer. If the file ends in .exe or .dmg but you were expecting .apk or .zip, then you should probably stay away. Please note that All-In-One tool kits and some other things may actually come as .exe, so just use your common sense. Similarly, many anti-malware engines won’t flag adware because it is something that you have “chosen” to install, so it is probably a good idea to be careful with anything that even 1 or 2 engines flag as adware.
Many file hosts have started offering more than one download link: a real link for what you want, and some fake links that take you to ads or give you unwanted malware rather than the file you want. Using an adblocker will help reduce these fake links, but again, just make sure that what you end up downloading is what you really want. A request to install a download accelerator, a download manager, or pretty much any kind of update to get the download to work is a common ploy to get you to download and install something you really don’t want.
Example of fake download links:
3. Run a malware check on the download before installing it.
I prefer https://www.virustotal.com & http://sanddroid.xjtu.edu.cn/#home but there are plenty of other tools (see http://wiki.secmobi.com/tools:android_dynamic_analysis for a more thorough listing).
VirusTotal uses a number of anti-malware engines to scan your file for known malware. The more engines that return a positive match, the more likely it is that you have downloaded malware. If you downloaded something that can root your phone, then in all likelihood some scanners will flag it as malware, and those detections can be considered false positives. Please be aware that just because an app is rated as clean doesn’t mean that it really isn’t malware. Maybe it hasn’t been identified as malware yet, or maybe the sandbox didn’t activate the malware parts of the app.
good: https://www.virustotal.com/en/file/d...is/1389439909/
bad: https://www.virustotal.com/en/file/5...29c1/analysis/
false positives from Rooting App:
https://www.virustotal.com/en/file/0...7d43/analysis/
SandDroid is just for checking apps: it runs them in a sandbox and then tells you about the behavior of your app.
good: http://sanddroid.xjtu.edu.cn/report?...A9767918B55037
bad: http://sanddroid.xjtu.edu.cn/report?...0B2F3F180AED8C
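The checks from steps 2 and 3 can be scripted. The sketch below is an added example, not part of the original guide: it works out what a download really is from its bytes rather than its name, and computes the SHA-256 you can search for on a scanner site. The function names, the extension table and the sample bytes are made up for illustration.

```python
import hashlib
import io
import os
import zipfile

# Content type each extension should have (this table is an assumption of the example).
KIND_BY_EXT = {".apk": "apk", ".zip": "zip", ".exe": "windows-exe", ".dmg": "mac-dmg"}

def classify_download(data: bytes) -> str:
    """Identify the container type from the bytes, ignoring the file name."""
    if data[:2] == b"MZ":  # DOS/PE header: Windows executable
        return "windows-exe"
    if len(data) >= 512 and data[-512:-508] == b"koly":  # UDIF trailer: Mac disk image
        return "mac-dmg"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # An APK is a ZIP archive with AndroidManifest.xml at its root.
            return "apk" if "AndroidManifest.xml" in zf.namelist() else "zip"
    return "unknown"

def check_download(filename: str, data: bytes, expected_ext: str) -> dict:
    """Compare what arrived with what was expected; return hash, type and mismatches."""
    problems = []
    actual_ext = os.path.splitext(filename)[1].lower()
    kind = classify_download(data)
    if actual_ext != expected_ext:
        problems.append(f"extension is {actual_ext or '(none)'}, expected {expected_ext}")
    if kind != KIND_BY_EXT.get(expected_ext):
        problems.append(f"content looks like {kind}, not {expected_ext}")
    # The SHA-256 identifies this exact file when searching a scanning service.
    return {"sha256": hashlib.sha256(data).hexdigest(), "kind": kind, "problems": problems}

def make_zip(names) -> bytes:
    """Build a small in-memory ZIP (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [  # constructed samples, not real downloads
        ("app.apk", make_zip(["AndroidManifest.xml", "classes.dex"]), ".apk"),
        ("rom.zip", make_zip(["META-INF/com/google/android/updater-script"]), ".zip"),
        ("app.apk.exe", b"MZ" + b"\x00" * 64, ".apk"),  # installer posing as an app
        ("app.apk", b"\x00" * 100 + b"koly" + b"\x00" * 508, ".apk"),  # renamed disk image
    ]
    for name, data, expected in samples:
        print(name, check_download(name, data, expected))
```

An empty "problems" list only means the file is the type you expected; it still needs the malware scan from step 3.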