The latest Android update -- Android Oreo -- removed the allow unknown sources switch that gave users the ability...
to load apps on their devices from outside of the Google Play Store. What does this mean? Has the feature gone away or are there other ways to allow apps from third-party sources?
Android Oreo did remove the install apps from unknown sources option from its security settings, which gave users the ability to do just that -- install apps from sources other than the Google Play Store.
However, Google substituted that option with a better feature known as install unknown apps. Now, the user must agree to each app being installed that's not from the Google Play store. There is a new menu in the apps section of the settings that enables specific apps -- which the user chooses -- to install programs from unknown sources.
For example, the user might allow Chrome to install unknown apps because the user is looking up APKs from a site like APKMirror. The user typically would not want a game to install apps from unknown sources because there would be no need for it to do so.
With Android 7.1 and below, it was either all apps had access to installing apps from unknown sources or no apps had access. This made it easier for something like a virus to trick the user into installing an app they did not want.
Any app that the user allows to install from unknown sources agrees to a message stating: "Your phone and personal data are more vulnerable to attack by unknown apps. By installing apps from this source, you agree that you are responsible for any damage to your phone or loss of data that may result from their use."
With the install unknown apps feature, Android gives a fair warning about unknown sources and helps users make sure they know what they're installing. However, mobile security best practices typically frown upon installing apps from any sources other than legitimate vendor app stores or private, enterprise-approved app catalogues. Even legitimate sources, like Google Play and Apple's App Store, can sometimes let fake and fraudulent apps past their security screening.
Generally, enterprise security policies for both BYOD and company-owned devices prohibit the installation of apps from any source other than a preapproved app store.
Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Mobile application security best practices
Related Q&A from Kevin Beaver
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can... Continue Reading
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk ... Continue Reading
Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.