Originally Posted by Destrto
7 years clean. But Eh, YMMV
Your always clean until the day your not, and sometimes you wouldn't even know, some of this Android malware is so good that, depending on its goal, can stay installed and unnoticed for years before finally being detected. Those are typically the more Spy related variants, but there are also Add driven ones that work so discretely that a Common user might not even notice the extra traffic from their phone.
Anyways, I am much like you and often grab my app from a search on Google, which usually lead me to a place like APK Mirror or Android-APK.net, but there is a LOT of Malware on these sites, some people even take legitimate APK's, inject their malicious code into it, and then post it up on these sites, so you get the app you wanted, but get the Malware too. I got infected this way years ago by installing a Need For Speed Mobile game that I had played on my Sony Xperia Phone, but wasn't available on the Play Store when I switched to the Note 5, so I searched google for the APK, found it on APK Mirror, there were different APK's for different Phones on there, and I had downloaded all of them like a dumb ass to see if I could get them to work. One of those damn things infected my phone with a Ad driven Malware, and every time I clicked anything it would open up a Browser and display a crap ton of ads. Luckily I keep weekly backups, and this was literally right after switching to the phone, so I just factory defaulted the phone and then redeployed my fresh Image of the device, but that definitely taught me a lesson.
One thing I do now every time I want to side load an app is download it within a VM on my PC. I have an Android VM that I use in VMWare Workstation Pro, its a perfect VM of the Vanilla Android Experience. I have different Malware Tools on there, but keep none running in the background, I download the APK and install it on my VM, (and of course have a Snapshot of my fresh VM that I can always roll back to), then I run both a Malware Check and keep an eye on both my Wireshark and Firewall Traffic. for that VM's IP. This is how when an APK does end up being Malware I am able to track down exactly what the Goal of the Malware is, and report it to the Website I got it on with Proof of its behavior, but it also allows me to see if my Malware tools don't catch it, if it has any suspicious behavior. This admittedly does take about 10 to 20 Minutes to thoroughly check an APK, so its not something you will probably want to do if you have a bunch of APK's to install, but if you are only side loading apps every now and again, this is a way to ensure its clean.
Also, even though your chances of getting Malware through things like Aurora or even the Play Store itself are lower, just because you got it through an App store does not at all mean its clean. Obviously the chances of it being malware do drop significantly, and I haven't seen a higher rate of Malware on Aurora than I have with the Play Store (Although funny enough Amazon does seem to allow more Malware through in my experience then both the Play store and Aurora), but it absolutely can still happen. So obviously always stay vigilante. One REALLY good Android Anti-Malware that I can recommend that seems to catch MOST of the Malware I have found is Malwarebytes on Android. It does a surprisingly good job, and you don't have to run it in the background if you don't want to, you can simply launch it before installing a new APP, and it will pop up if the app you are trying to install is Malware, then you can force close it afterwards, its actually a pretty good and low resource tool on Android.
Anyway, as if anyone cared, thats my 2 cents (more like 200 Cents, lol) on the matter.