Need gmail account to install app, but don't want one - Page 2 - Overclock.net - An Overclocking Community

Forum Jump: 

Need gmail account to install app, but don't want one

Reply
 
Thread Tools
post #11 of 12 (permalink) Old 08-21-2019, 01:33 PM
Tech Enthusiast
 
oreonutz's Avatar
 
Join Date: Jun 2017
Location: Las Vegas, NV
Posts: 506
Rep: 41 (Unique: 24)
Quote: Originally Posted by Destrto View Post
7 years clean. But Eh, YMMV
Your always clean until the day your not, and sometimes you wouldn't even know, some of this Android malware is so good that, depending on its goal, can stay installed and unnoticed for years before finally being detected. Those are typically the more Spy related variants, but there are also Add driven ones that work so discretely that a Common user might not even notice the extra traffic from their phone.

Anyways, I am much like you and often grab my app from a search on Google, which usually lead me to a place like APK Mirror or Android-APK.net, but there is a LOT of Malware on these sites, some people even take legitimate APK's, inject their malicious code into it, and then post it up on these sites, so you get the app you wanted, but get the Malware too. I got infected this way years ago by installing a Need For Speed Mobile game that I had played on my Sony Xperia Phone, but wasn't available on the Play Store when I switched to the Note 5, so I searched google for the APK, found it on APK Mirror, there were different APK's for different Phones on there, and I had downloaded all of them like a dumb ass to see if I could get them to work. One of those damn things infected my phone with a Ad driven Malware, and every time I clicked anything it would open up a Browser and display a crap ton of ads. Luckily I keep weekly backups, and this was literally right after switching to the phone, so I just factory defaulted the phone and then redeployed my fresh Image of the device, but that definitely taught me a lesson.

One thing I do now every time I want to side load an app is download it within a VM on my PC. I have an Android VM that I use in VMWare Workstation Pro, its a perfect VM of the Vanilla Android Experience. I have different Malware Tools on there, but keep none running in the background, I download the APK and install it on my VM, (and of course have a Snapshot of my fresh VM that I can always roll back to), then I run both a Malware Check and keep an eye on both my Wireshark and Firewall Traffic. for that VM's IP. This is how when an APK does end up being Malware I am able to track down exactly what the Goal of the Malware is, and report it to the Website I got it on with Proof of its behavior, but it also allows me to see if my Malware tools don't catch it, if it has any suspicious behavior. This admittedly does take about 10 to 20 Minutes to thoroughly check an APK, so its not something you will probably want to do if you have a bunch of APK's to install, but if you are only side loading apps every now and again, this is a way to ensure its clean.

Also, even though your chances of getting Malware through things like Aurora or even the Play Store itself are lower, just because you got it through an App store does not at all mean its clean. Obviously the chances of it being malware do drop significantly, and I haven't seen a higher rate of Malware on Aurora than I have with the Play Store (Although funny enough Amazon does seem to allow more Malware through in my experience then both the Play store and Aurora), but it absolutely can still happen. So obviously always stay vigilante. One REALLY good Android Anti-Malware that I can recommend that seems to catch MOST of the Malware I have found is Malwarebytes on Android. It does a surprisingly good job, and you don't have to run it in the background if you don't want to, you can simply launch it before installing a new APP, and it will pop up if the app you are trying to install is Malware, then you can force close it afterwards, its actually a pretty good and low resource tool on Android.

Anyway, as if anyone cared, thats my 2 cents (more like 200 Cents, lol) on the matter.

-MattTheTech

Offical Ryzen 9 3900x Owner!
DodekaZen3000
(28 items)
CPU
Ryzen 9 3900x
Motherboard
ASUS Crosshair VII Hero
GPU
EVGA 1080ti FTW3 Hybrid
RAM
G.SKILL Flare X Series 32GB (4 x 8GB) 3200Mhz (PC4 25600) - F4-3200C14D-16GFX (x2 Kits)
Hard Drive
Samsung 970 Pro 512GB
Hard Drive
Samsung 970 Evo 1TB
Hard Drive
Samsung 850/860 Evo (x3 Raid 0 Game Drive)
Hard Drive
WD Black 4TB (x2 Raid 0 Storage Drive)
Hard Drive
860 Evo
Optical Drive
LG Blu-Ray Burner (Model BH16NS40)
Optical Drive
5.25" to One 3.5" and One 2.25" Bay (Model Syba SY-MRA55006)
Power Supply
Corsair RM1000i
Cooling
EKWB Phoenix 360mm Modular Cooler
Case
Old Jonesbo Case
Operating System
Windows 10 Enterprise
Monitor
Samsung NU8000 55Inch TV (Its a 4k TV But I run in it 1440p 120hz)
Monitor
LG 1080p 34 Inch Diplay
Keyboard
Corsair k70 RGB Lux Mk2
Mouse
Logitech G700s
Mousepad
Razer Vespula V2
Audio
Custom Built 7.1 Surround System
Audio
HT-Omega eClaro 7.1 Sound Card
Audio
Focusrite Scarlett 18i20
Other
Aquantia 10Gb NIC
Other
LSI 9211-8i
Other
Oculus Rift HMD
Other
10 ML120 + 2 ML140 Corsair Maglev Fans
Other
Phanteks Halo aRGB LUX x5
▲ hide details ▲

Last edited by oreonutz; 08-21-2019 at 01:40 PM.
oreonutz is offline  
Sponsored Links
Advertisement
 
post #12 of 12 (permalink) Old 08-22-2019, 12:24 AM
Old to Overclock.net
 
Join Date: Jan 2008
Posts: 2,060
Rep: 119 (Unique: 103)
Quote: Originally Posted by oreonutz View Post
Anyways, I am much like you and often grab my app from a search on Google, which usually lead me to a place like APK Mirror or Android-APK.net, but there is a LOT of Malware on these sites, some people even take legitimate APK's, inject their malicious code into it, and then post it up on these sites, so you get the app you wanted, but get the Malware too.

One thing I do now every time I want to side load an app is download it within a VM on my PC. I have an Android VM that I use in VMWare Workstation Pro, its a perfect VM of the Vanilla Android Experience. I have different Malware Tools on there, but keep none running in the background, I download the APK and install it on my VM, (and of course have a Snapshot of my fresh VM that I can always roll back to), then I run both a Malware Check and keep an eye on both my Wireshark and Firewall Traffic. for that VM's IP. This is how when an APK does end up being Malware I am able to track down exactly what the Goal of the Malware is, and report it to the Website I got it on with Proof of its behavior, but it also allows me to see if my Malware tools don't catch it, if it has any suspicious behavior. This admittedly does take about 10 to 20 Minutes to thoroughly check an APK, so its not something you will probably want to do if you have a bunch of APK's to install, but if you are only side loading apps every now and again, this is a way to ensure its clean.

Also, even though your chances of getting Malware through things like Aurora or even the Play Store itself are lower, just because you got it through an App store does not at all mean its clean. Obviously the chances of it being malware do drop significantly, and I haven't seen a higher rate of Malware on Aurora than I have with the Play Store (Although funny enough Amazon does seem to allow more Malware through in my experience then both the Play store and Aurora), but it absolutely can still happen. So obviously always stay vigilante. One REALLY good Android Anti-Malware that I can recommend that seems to catch MOST of the Malware I have found is Malwarebytes on Android. It does a surprisingly good job, and you don't have to run it in the background if you don't want to, you can simply launch it before installing a new APP, and it will pop up if the app you are trying to install is Malware, then you can force close it afterwards, its actually a pretty good and low resource tool on Android.

Anyway, as if anyone cared, thats my 2 cents (more like 200 Cents, lol) on the matter.
This is the attitude of pros and guys that know what's up.

Quote: Originally Posted by Destrto View Post
7 years clean. But Eh, YMMV
This is the attitude that gets you owned. Like really why download a sketchy APK off sites that have no real review/feedback system or one that can be rigged easily when there are many other sources where you can be fairly confident. e.g. Github, XDA, F-Droid and even the dread Google Play/ which Aurora & Yalp use.

Would you even know where to look to check if you did have malware? What do you even consider malware is another question because depending on the user some of the crap that Google allows on their app store would qualify as malware, e.g. apps that make unsolicited connections in the background without any permission given. The official Facebook app is malware if you ask me.

Quote: Originally Posted by oreonutz View Post
Your always clean until the day your not, and sometimes you wouldn't even know, some of this Android malware is so good that, depending on its goal, can stay installed and unnoticed for years before finally being detected. Those are typically the more Spy related variants, but there are also Add driven ones that work so discretely that a Common user might not even notice the extra traffic from their phone.
Some of the high end Chinese malware basically uses root exploits and installs itself into /system. Unless you are rooted yourself and have special tools, unlocked boot loader/custom recovery you wouldn't even know it or be able to get rid of the malware no matter how many factory resets you do. Root exploits are not that uncommon either given than the average Android normie is running a phone that has Android security patches two years out of date.

362436
(15 items)
CPU
AMD Ryzen 5 1600
Motherboard
Asus Prime X370-A AMD Ryzen AM4 DDR4
GPU
Gigabyte GeForce GTX 950
RAM
2x Corsair Valueselect 8GB 288 Pin DDR4 SDRAM DDR4 @ 2133
Hard Drive
Corsair Force LS 2.5" 120GB SATA III MLC SSD
Optical Drive
Lite-On 24X SATA DVD/RW Optical Drive
Power Supply
Corsair RM550x 550W 80 Plus Gold
Cooling
Noctua NH-L9A-AM4 Low-Profile
Case
Antec NSK4100 Steel ATX Mid Tower
Operating System
Mint 18.2 x64
Monitor
HP 24" LCD/LED 1920x1080
Keyboard
IBM PC-AT
Mouse
Logitech G5
Audio
Sennheiser HD650
Audio
Asus Essence STX II
▲ hide details ▲


xJumper is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off