How to safely install an APK file

Android’s open source operating system, which has always been Google’s feather in the cap, has lately become one of hackers’ favorite platforms to place viruses, Trojans, and malwares; their diffusion is enormous, and even on the official Google we can find some dangerous apps.

The reason why this is happening is not only because Android is one of the most popular operating systems, but also because it’s extremely easy to create and place an app for Android compared to other closed operative systems such as iOS.

You can install an app through multiple tools; of course there is the Google Store, but as you know not every device has access to the Play Store, and not all the developers choose to distribute their apps through Google. For this reason, you can find a variety of alternative app stores on the web; TorrApk is one of them, as it allows developers to place their apps outside the Play platform.

How does an .apk file work?

At TorrApk we decided to distribute our applications through an application package “APK.” We made this choice because it seemed to us the most universal way to reach the users, as it only requires a browser, which is almost always available on Android devices. .apk files are available for installation on devices that have no access to internet, through what’s called “Side Loading”.

For those who are not familiar with .apk files (Android Application Package), just know that it’s a compressed file that contains the code necessary for the installation and running of an app on Android.

You don’t need Play Store to install the application, but you will need an app called PackageInstaller: it is a default Android app that installs .apk files. In order for the package to be installed correctly, you need a version of Android equal or more recent than the one file .apk was created for, or you’ll see the hideous message “parse error” during the installation process: it means that you’re trying to install an app on an outdated version of Android.

Before installing an APK package you have to enable the option “Unknown Sources” through the menu on the Android device under “Settings” and then “Security”. Some older versions of Android report the option “Unknown Sources” under the menu “Settings” and then “Applications”.

When you enable the option you’ll see a message warning you against the risks of such operation. Accept and proceed.

What are the risks of installing an .apk file?

The installation of unknown sources doesn’t come as a default option for safety reasons. As you can imagine, downloading a file from the Internet and installing it without being fully aware of what it is can lead to many problems: Trojans, adware and malwares are always a threat.

The biggest dangers are Trojans that aim to extract your personal data and malwares that are able to do movements that will cost you money. Adware are less dangerous, but they’re incredibly annoying when they shower you in useless and hideous ads.

How can I install applications safely?

The question is the following: what do I have to be aware of before installing a file .apk?

The following are a few advice that will help you protect your Android smartphone and the data it carries.

1 Use only trusted and reputable sources

Download .apk files only on app stores you trust.

If you want to download a file from a new app store or a website you never visited before, make sure to check reviews online.

Beware of those websites that allow users to upload anonymously any type of file without being controlled by the admins.

Avoid downloading cracked version of paid apps – it is illegal as well as risky. You can’t really believe that people cracking and uploading an app do it only for the sake of it! Most of the times such files are filled with malevolent codes.

It might be superfluous, because many of you already know us, but we want to remark that on TorrApk you’ll find exclusively original and free apps. We select carefully our developers through a long process: we reject many apps every day simply because we don’t feel they match our safety standards. However, if you have the feeling an app is suspicious, you can contact us through the button on the page of the app.

To wrap it up: you can enable the “Unknown Sources” option, but don’t do what its name suggests– download files from truly unknown sources!

2 Install a good Antivirus

This might sound like a trivial advice, but sadly it is not: there are a number of Android users that don’t use any antivirus. On Play and TorrApk you’ll find many free antiviruses: choose the one that meets your needs the best and use it.

After installing the antivirus you’ll notice that each time you’re going to install an app – both through Play or by downloading an .apk file – the antivirus will scan it to find possible threats. Update the antivirus regularly and scan your system periodically.

3 Use VirusTotal, Google’s online scan tool

Antiviruses have different ways to scan for viruses and not all of them might be able to detect every single virus. It would be great if we could use every antivirus on the market to protect our device, but sadly this is impossible: it would make the phone extremely slow and it would create conflict between the antiviruses compromising their efficiency.

However, there is a free Google tool called VirusTotal that analyzes suspicious files of different type (not just APK packages) containing 50 of the best antiviruses on the market.

The tool is free for non-commercial use and it’s perfect if you want to analyze an .apk file before installing it.

VirusTotal is very easy to use: you just need to select the file to analyze and click on the “Scan it!” button.

Before uploading it, the tool checks on previous analysis and if it has analyzed the file in the past it will ask you if you wish to see the previous result or proceed with a new analysis.

After the analysis, you’ll see a list of results made by every single antivirus. In the example down below the file shows no threats.

Note: even if VirusTotal is a quite efficient tool, it doesn’t replace an antivirus and it can’t protect your device in real time.

4 Always check the authorizations requested during the installation.

While installing an app you’re required to accept the authorizations the app requests. This is one of the most ignored steps, as users tend to wave it.

Authorizations define the operations that an app will be able to do on your device once you accept their terms. They should be coherent with the aim of the app.

Unfortunately, it’s not always that easy to judge whether such aims are coherent with the requests or not, partly because it might be unclear what permits the app is requesting, and partly because even apparently simple apps might actually require legit permits that seem odd.

Let’s say a calculator app requests the authorization to access the camera. This might sound like an odd request; however, the app might have a feature that scans paper to read calculus. In this case, the request is perfectly coherent.

Even if this last point is less important than the previous ones, we suggest you have a look at the permits an app requests before installing it. If you notice something suspicious, do some research on the web and on the forums to find reviews and answers from other Android users.