The latest Android update -- Android Oreo -- removed the allow unknown sources switch that gave users the ability...
to load apps on their devices from outside of the Google Play Store. What does this mean? Has the feature gone away or are there other ways to allow apps from third-party sources?
Android Oreo did remove the install apps from unknown sources option from its security settings, which gave users the ability to do just that -- install apps from sources other than the Google Play Store.
However, Google substituted that option with a better feature known as install unknown apps. Now, the user must agree to each app being installed that's not from the Google Play store. There is a new menu in the apps section of the settings that enables specific apps -- which the user chooses -- to install programs from unknown sources.
For example, the user might allow Chrome to install unknown apps because the user is looking up APKs from a site like APKMirror. The user typically would not want a game to install apps from unknown sources because there would be no need for it to do so.
With Android 7.1 and below, it was either all apps had access to installing apps from unknown sources or no apps had access. This made it easier for something like a virus to trick the user into installing an app they did not want.
Any app that the user allows to install from unknown sources agrees to a message stating: "Your phone and personal data are more vulnerable to attack by unknown apps. By installing apps from this source, you agree that you are responsible for any damage to your phone or loss of data that may result from their use."
With the install unknown apps feature, Android gives a fair warning about unknown sources and helps users make sure they know what they're installing. However, mobile security best practices typically frown upon installing apps from any sources other than legitimate vendor app stores or private, enterprise-approved app catalogues. Even legitimate sources, like Google Play and Apple's App Store, can sometimes let fake and fraudulent apps past their security screening.
Generally, enterprise security policies for both BYOD and company-owned devices prohibit the installation of apps from any source other than a preapproved app store.
Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Mobile application security best practices
Related Q&A from Kevin Beaver
Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective ... Continue Reading
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each. Continue Reading
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger ... Continue Reading