Google's great Android app purge — what it means for you



If the past few days are anything to go by, you should be extra cautious when it comes to downloading apps from the Google Play Store.

That’s because there's been a spate of malware that’s managed to sneak into legitimate-looking apps that were hosted on the Play Store. Through various obfuscation methods, like hiding links to malware in the apps rather than actually loading them with malicious code, these apps were able to circumvent Google's security measures.

Case in point: Google recently pulled six antivirus apps from the Play Store that were loaded with Sharkbot, a type of trojan malware that was used to trick people into inputting their account and banking details, which were then sucked up and passed back to a command and control server for hackers to use at a later date. 

Given these apps posed as fairly legitimate Android antivirus tools, it’s easy to understand how they were downloaded and installed some 15,000 times. 

So it’s pretty worrying that apps loaded with such spying tools made their way onto the Play Store.

How to protect yourself from Android malware


Should you be worried? The good news is that Google is very quick to seek out and remove malware or spyware-loaded apps. And security researchers are dedicated to hunting down such apps. But at the same time it’s worth being cautious.

First off, always make sure you install applications only from trusted and verified publishers. If an unknown developer is suddenly offering, say, a game that looks like Call of Duty Mobile or a free Netflix-like streaming service, it could be a dodgy developer trying to trick you into downloading an app that’s either got malware or will bombard you with adverts; these used to be rather common in the early days of Android.

We also suggest avoiding apps and services that need to be side-loaded unless you are completely sure they come from 100% legitimate sources.

If an app does get your attention, then do a sense check by seeing what else is out there from the same publisher. And do make sure to look at app reviews, star ratings and how many times an app has been downloaded, as these offer a reasonable idea of how legitimate apps are. Apps with tens of thousands of downloads, like Instagram, as well as solid reviews, would suggest an app is safe and legitimate.

Do also avoid apps that ask you for a seemingly inordinate amount of information, especially any that want you to part with any payment details. A lot of good and legitimate apps will tend to have Google Pay integration.

Android does still have some solid security features built in, but for extra protection check out our picks for the best Android antivirus apps. These antivirus tools can scan your phone and sniff out threats and mitigate them.

If you do encounter some dodgy apps, then make sure to alert Google to their presence. And feel free to flag any suspicious apps you spot to Tom’s Guide and we will investigate them.


Roland Moore-Colyer

Roland Moore-Colyer is a Managing Editor at Tom’s Guide with a focus on news, features and opinion articles. He often writes about gaming, phones, laptops and other bits of hardware; he’s also got an interest in cars. When not at his desk Roland can be found wandering around London, often with a look of curiosity on his face.
