2

I installed an app for custom notifications from the Playstore. The app requires sensitive permissions (camera, contacts, and storage), but has no network access. When I selected a setting the app said I needed to install another app and then my phone displayed a window prompt asking if I will install an app from an untrusted source. My concern is if this app could be spyware with internet access to steal my data. Is this possible if the main app has no network access and no downloading permissions?

I contacted the developer and they told me that particular setting requires an "older API level" that is not possible for main apps to have. I am not knowledgeable enough to know if this is a valid reason.

Improve this question
1
  • There is relationship between the permissions of the app that installs an app and the app that is installed. For publishing apps on Google Play Store Google enforces that the "targetSDK" is the latest API versions which disables certain compatibility settings that would get active if the targetSDK would be lower. Therefore the "older API level" could be a valid reason for side-loading an app.
    – Robert
    Commented Jan 20, 2021 at 8:17

1 Answer 1

Reset to default
1

It's not common but it's not unusual either. I use this MacroDroid automation app. It requires a helper app that can't be published on Play Store and therefore developer provides a link to download, with this explanation:

In order to toggle Wifi on devices running Android 10+ a new helper file is now required. This helper file is built against an older target SDK allowing it to still invoke the Wifi functionality. It cannot appear on the Play Store since they no longer allow apps built against older SDKs to be uploaded.

When a WiFi toggle action is triggered, the installed app (from Play Store) sends an intent to this helper app, thereby circumventing Android 10+ restrictions. So it's a win - win for all because the app functionality is not degraded.

So, if you trust the developer and are sure you need that additional app, you can go ahead. As an added precaution, download the apk and examine it's permissions before installing (Mixplorer does that).

Improve this answer
3
  • Thanks for the answer, but I don't know if I trust the developer and if I need the additional app. The app I'm using doesn't ask me to visit a website (maybe the button is a hyperlink to a website?) The developer's first language isn't English so I may have misunderstood, but they said the second app is already downloaded with the main app.
    – Equinox
    Commented Jan 20, 2021 at 15:11
  • In that case don't use that app, find an alternative. There is no point in having an app on your phone if you don't trust//There are apps that install a second app straight away, I can think of helper app in the same automation app. It is installed straight away but if you need Wi-Fi toggle you need to replace the original helper app with this
    – beeshyams
    Commented Jan 20, 2021 at 15:38
  • Thank you I ended up not installing it.
    – Equinox
    Commented Jan 20, 2021 at 15:52

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .