Application security: how to make sure the APK file is secure

In today’s world of mobile technology, application security is a priority for every user. Every day we install new applications on our smartphones without thinking that some of them may harm the device or expose confidential data. Special attention should be paid to the security of applications installed from outside the official shops (via APK files). Below we consider how a user can check the reliability of an app before installation, what VirusTotal scanning is and why it is important. We also describe the measures the Yono Apps catalogue takes to protect its users and give general recommendations on how to use apps safely.

Risks of installing apps and why you need to scan them

The official app shops (Google Play, Apple App Store) have built-in malware filtering mechanisms. Google, for example, checks every APK uploaded to the Play Market and regularly scans installed apps through the Google Play Protect service. Therefore, apps from official sources are often safer. According to the Android security team, the risk of picking up malware when installing apps not from Google Play is about 10 times higher. This doesn’t mean that all APK files from the internet contain viruses, but the likelihood of encountering a dangerous app increases significantly.

The main threats from malicious apps are:

  • Theft of personal data (logins, passwords, correspondence, contacts).
  • Fraud with banking data, interception of SMS to access financial transactions.
  • Discreet subscription to paid services, sending paid SMS.
  • Damage or encryption of user files (ransomware).
  • Using the device in botnet networks, cryptocurrency mining, etc., which leads to rapid battery drain and overheating.

Even a seemingly harmless torch app can request suspiciously wide access to the system. Therefore, it is important for users to perform at least a minimal scan whenever they install an APK file manually (downloaded from a website or a forum, passed on by acquaintances, etc.).

Checking the application with VirusTotal

One of the easiest and most effective ways to check an application file is the VirusTotal service. It is a free online service that analyses suspicious files and links for viruses, worms, trojans and other malicious code. VirusTotal was created in 2004 by Hispasec, a Spanish company, and became part of Google in 2012. The service works very simply:

  1. A user uploads a file (such as an APK) to virustotal.com.
  2. VirusTotal scans the file with dozens of antivirus engines from different developers (Kaspersky, Dr.Web, Avast, McAfee and dozens of others).
  3. When the scan is complete, a report is issued: which engines detected what. If the majority indicates that the file is clean, the file is considered most likely safe.

It is important to realise that VirusTotal does not guarantee absolute reliability of a file: antivirus detections can be false positives, and unknown new viruses may not be detected. Nevertheless, the VirusTotal result is an excellent indicator. For example, if out of 70 antiviruses at least 1-2 marked an APK as a threat, you should be wary and study the details (the report usually tells you which virus is suspected). And if a dozen known antiviruses identify a threat at once, such a file should never be installed.

VirusTotal is popular among security specialists and ordinary users. It is free and does not require registration for a one-time file check. The only limitation is the size of the APK file: up to 650 MB (more than enough for most applications). If the file is very large (for example, a heavy game), you can check its URL (if you are downloading from a website) – VirusTotal knows how to analyse links as well.

An example of VirusTotal usage: you downloaded an APK file of a game from an obscure website. Before installing it, go to virustotal.com and upload this APK (Choose File -> Scan it!). After a minute you will see the result. A result of, say, 0/68 (i.e. none of the 68 scanners found anything) is a great sign, and you can install it. If the result is, say, 5/68 and some well-known antiviruses have flagged ‘Trojan.Android.Generic’, it’s better to refrain from installing it.
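The same check can be scripted by hashing the APK locally and reading the engine results from a VirusTotal API v3 file report. This is an added example, not code from the original article; it assumes a personal VirusTotal API key, the thresholds are assumptions derived from the article's 0/68, 1-2 and 5/68 examples, and the sample report is constructed.

```python
import hashlib
import json
import urllib.request

# Assumed thresholds, taken from the article's examples: 0 hits is a good sign,
# 1-2 hits call for reading the details, 5 or more means do not install.
REVIEW_AT, BLOCK_AT = 1, 5
SCANNED = {"malicious", "suspicious", "harmless", "undetected"}

def sha256_of(path, chunk=1 << 20):
    """Hash the APK locally; the digest is enough to look up an existing report."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def fetch_report(digest, api_key):
    """GET the file report from the VirusTotal v3 API (needs a personal API key)."""
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{digest}",
        headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def triage(report):
    """Return (ratio, verdict, {engine: detection name}) for a parsed v3 report."""
    results = report["data"]["attributes"]["last_analysis_results"]
    # Engines that timed out or do not support APKs never scanned the file,
    # so they must not inflate the denominator of the ratio.
    scanned = {e: r for e, r in results.items() if r["category"] in SCANNED}
    hits = {e: r["result"] for e, r in scanned.items()
            if r["category"] in ("malicious", "suspicious")}
    if len(hits) >= BLOCK_AT:
        verdict = "do not install"
    elif len(hits) >= REVIEW_AT:
        verdict = "review details"
    else:
        verdict = "no known detections"
    return f"{len(hits)}/{len(scanned)}", verdict, hits

# Constructed sample report (engine names are placeholders, not real vendors).
SAMPLE = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Android.Generic"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "type-unsupported", "result": None},
    "EngineD": {"category": "timeout", "result": None},
}}}}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A 404 from `fetch_report` means VirusTotal has never seen this file, which is not the same as a clean result; in that case upload the file as described above.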

How Yono Apps takes care of security

Yono Apps catalogue takes content security seriously. Understanding the risks described above, the Yono Apps team has taken the following steps to protect users:

  • Scanning through VirusTotal. All APK files posted on the site are scanned by VirusTotal before they are published. In other words, when a developer or editor adds a new app to the catalogue, the file is automatically sent to dozens of anti-viruses for analysis. If something suspicious is detected, the file will not be offered to users. Thus, a user downloading an app from Yono Apps can be sure that it has been scanned for known viruses.
  • Displaying the results of the scan. Next to the information about the app on Yono Apps, it can be indicated that the file has been checked and the date of the check. This increases transparency: the user can see for themselves that the file is fresh and has passed the virus check.
  • Moderation and reviews. The directory team monitors reviews and complaints. If any user reports suspicious behaviour after an application is published, the file will be rechecked. VirusTotal results for already posted APKs are also regularly updated, in case some malicious activity was not recognised earlier but is detected by newer versions of antiviruses.
  • Secure connection and file authenticity. The Yono Apps website uses a secure connection (HTTPS) for uploads so that the file cannot be tampered with along the way. In addition, the digital signatures of the apps are checked: if the author has released a new version, it must be signed with the same key as the previous one, otherwise it is suspicious. The user will also see a warning when installing if the signature does not match the installed version – this is a standard Android feature.

In this way, Yono Apps aims to provide not only a wide selection of apps, but also the assurance that the downloaded APK file does not contain malware. Of course, no method gives 100% guarantee, but multi-layered protection (anti-virus scanning + signature control + responsive reviews) significantly reduces the risks.
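The signature check described above can be reproduced by comparing the signer certificate digests of the published version and the new upload. This is an added example, not Yono Apps' own code; it assumes `apksigner` from the Android SDK build-tools is on the PATH, the function names are hypothetical, and the sample outputs and digests are constructed.

```python
import re
import subprocess

# Matches the SHA-256 line of `apksigner verify --print-certs` output.
DIGEST_RE = re.compile(
    r"^Signer.*certificate SHA-256 digest: ([0-9a-f]{64})$", re.M)

def print_certs(apk_path):
    """Run apksigner; a non-zero exit (invalid signature) raises CalledProcessError."""
    return subprocess.run(
        ["apksigner", "verify", "--print-certs", apk_path],
        check=True, capture_output=True, text=True).stdout

def signer_digests(output):
    """Set of signer certificate digests found in apksigner's output."""
    return set(DIGEST_RE.findall(output))

def check_update(old_output, new_output):
    """Compare the published version's signers with those of the new upload."""
    old, new = signer_digests(old_output), signer_digests(new_output)
    if not old or not new:
        return False, "no signer certificate found"
    if old == new:
        return True, "same signing certificate"
    # A legitimate key rotation (APK Signature Scheme v3) also lands here,
    # so a mismatch means "hold for manual review", not proof of tampering.
    return False, "signer changed: " + ", ".join(sorted(new))

# Constructed apksigner output; the digests are placeholders, not real keys.
def _sample(digest):
    return ("Signer #1 certificate DN: CN=Example Developer\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n"
            f"Signer #1 certificate SHA-1 digest: {'0' * 40}\n")

PUBLISHED = _sample("ab" * 32)
SAME_KEY = _sample("ab" * 32)
OTHER_KEY = _sample("cd" * 32)

if __name__ == "__main__":
    print(check_update(PUBLISHED, SAME_KEY))
    print(check_update(PUBLISHED, OTHER_KEY))
```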

General tips for safe app usage

In addition to checking the APKs you install, we recommend following a number of simple rules that will help you avoid problems with mobile apps:

  • Download from reliable sources. Ideally, use official shops (Google Play, App Store). If the app is not available there, look for it on trusted sites (well-known app catalogues with a good reputation). Avoid random links and files from forums and torrents, especially cracked or modded versions: they often contain ‘surprises’.
  • Pay attention to permissions. After installation, see what permissions the application requires. If a simple game asks for access to calls, camera, microphone, SMS and geolocation, this is a reason to be wary. Limit unnecessary permissions through settings or don’t use a suspicious app at all.
  • Read reviews and ratings. Before downloading an APK, try to find other users’ reviews of the app. Someone may have already noted strange behaviour (fast battery drain, ads appearing outside the app, pop-ups – these are all signs of unwanted software).
  • Keep your system up to date. Install OS and application updates. Manufacturers and developers often close vulnerabilities through which viruses can enter. An updated phone is a more secure phone.
  • Use antivirus on your device when necessary. There are many mobile antiviruses available on Android. If you often experiment with APK files, it makes sense to install one of the well-known solutions that will periodically scan the system. But do not overload the phone with a lot of ‘cleaners’: one reliable product is enough.
  • Backup important data. Make backup copies of photos, contacts, documents. This will not prevent infection, but if something happens (a virus encrypts files or the system goes down because of malware), you will not lose valuable information irrevocably.
  • Don’t fall for social engineering tricks. Many viruses do not penetrate directly, but through deception: you receive an email or message offering to download a ‘cool new app’ via a link. Or an app promises paid content for free after installing an additional APK. Be sceptical of such offers. Always check if the link matches the developer’s official website.
  • Uninstall apps you no longer need. The less software, the fewer potential holes. If you haven’t used an installed programme for a long time, it’s better to uninstall it. This is especially true for utilities that require system administration.

By following these rules, you will significantly improve your cybersecurity. A smartphone is a personal device, the keeper of a lot of personal information, so treat it with care. A little care when installing new applications will save you from serious problems in the future.

Conclusion

Mobile app security is a responsibility borne by developers, distribution platforms, and users themselves. For their part, services like Yono Apps implement multi-layered checks (APK scanning via VirusTotal, etc.) to protect their audience from malware. However, the end user should also remain vigilant: check sources, analyse permissions, and run files through anti-virus scanners themselves if necessary.

Remember that a few extra minutes to check an app can save you weeks of data recovery or money if an infection occurs. Install apps wisely and enjoy all the benefits of mobile technology safely!
