What are third party app stores and are they safe?

Learn more about third party app stores and why people use them even with the risks they can pose for your mobile device.

February 18 2018 by

Liarna La Porta

Holding iPhone showing apps on screen.

The Apple App Store for iOS and the Google Play Store for Android are the two largest distribution channels for mobile apps. But there’s a big bad world of third party app stores and apps that exist outside of these two major players. In fact, there are more than 300 app stores worldwide and that number continues to grow.

Some mobile device manufacturers install their own app stores. For example Samsung Galaxy Apps for Samsung mobile devices alongside the Play Store and the Amazon Appstore for the Kindle Fire.

So which app stores make up the rest of the app store world? They are third party app stores. And this is the good and the bad news about them.

What is a third party app store?

Before getting into third party app stores, it’s important to answer the question, “what are third party apps?”. Third party apps are basically any apps that aren’t native apps, in other words, an app created by a vendor that is not the manufacturer of the device and/or its operating system. With that said, third party app stores are app marketplaces that only offer third party apps.

Some are built by independent developers and some by established organizations. Many third party apps are available on official app stores app and are regarded as relatively low risk since they follow the strict criteria set out by the likes of Google and Apple on their app stores. But then there are some that don’t.

As a business, it’s important to control where app downloads are coming from on your corporate devices. Each app store has its own security vetting and approvals processes, some of which may not be up to standard. So the apps coming from third party app stores may carry a certain risk. So why do people use them?

If third party app stores are risky, why do people use them?

It can seem like the wild wild west of apps, but there are a few valid reasons why third party app stores continue to draw a crowd.

Developers may want to circumvent the rules of the major app stores to distribute apps that allow users more access to the system such as open-source software. They may also want to offer paid services for free, like “hacked” versions of paid apps or pirated movies and music. The open nature of the Android platform lends itself to these downloads.

Third party apps stores not only provide developers with more freedom but also faster speed to market. The approval processes are less strict than the App Store and Google Play Store which means approvals are processed much faster.

Third party app stores flourish in countries such as China where Google Play isn’t officially available. Tencent takes almost a quarter of the China’s fragmented Android app market according to Newzoo.

Third party app stores offer developers a slew of benefits and differentiated marketing and distribution strategies. Especially those developers offering apps to niche audiences, where they tend to get more exposure due to less competition.

Some users prefer using alternative app stores to avoid using Google and Apple services as part of their philosophy or desire to protect their privacy. Third party apps stores can also accept different payment methods such as cryptocurrency so users can remain anonymous.

It is important for enterprises to have visibility into third party apps from non-sanctioned sites on their enterprise-managed devices. One of the main threats to the security and integrity of Android devices is installing apps from third party app stores, otherwise known as sideloading.

What is ‘sideloading apps’?

Sideloaded apps are apps whose installers are unknown, meaning the app was not installed from an official app store. Most often, they take the form of application packages installed on Android devices using the USB interface, or IPA files on iOS leveraging a jailbroken device.

These packages are downloaded from third-party app stores such as Amazon, Getjar, Mobogenie, Slideme and Appbrain, usually through a computer. The problem is, some of these apps are exceptionally vulnerable to malware infiltration.

However, sideloading is an important capability in the enterprise for installing enterprise-developed apps. Many enterprise apps are not uploaded to the official stores, as they are proprietary apps with important functions built specifically for employees. To download third party apps for Android and install them, the user has to enable “unknown sources” in the security settings of the device, but iOS devices must be jailbroken in order to sideload third party apps.

But opening up these permissions exposes the businesses to huge risk as users then have the freedom to download apps from other untrusted sources.

Why is sideloading apps dangerous?

Sideloading apps is not a dangerous practice in itself. The vulnerability for users and businesses arises because these applications are not installed through official channels. This means they can more easily become entry points for malicious malware, introducing the need for mobile security solutions

When going through the process of making an application available on one of the traditional app stores, developers must meet rigorous security standards and adhere to certain quality metrics. In fact, in 2012, over 30% of all application submissions made to Apple were rejected.

Conversely, third-party app stores tend to set their security standards lower and make it easier for users to gain access to apps that may have security deficits. Hackers are aware of this and can easily implement malicious code within the format of an application.

In order to protect your business, it would be wise to block access to third party app stores on employee devices with a content filtering solution. In addition, IT administrators should consider a solution that can detect if an iOS device has been jailbroken by a user in real time.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.