It’s 2022 yet some users still hesitate to install apps outside of Google Play, thinking that apps on Google Play are “more safe”. This is simply not true, and here’s why.
We know it all. After all, we’ve been developing mobile security solutions for years and we’ve always published our app both on Google Play and our own website, until Google finally pulled our app off its shelves because MHC’s features are just way too extreme for them.
So here’s a crash course to Android App Security to clear things up.
Does Google Play guarantee apps are safe?
No. When you install an app from Google Play, Google only guarantees you 2 things:
1. Google considers the app aligns to their Developer Policy. However this “safety” they refer to is all about app content; e.g. they disapprove apps containing sexual or violent content, etc. And they don’t allow apps that pretend to be another app. (i.e. our case, where MHC is installed as a notepad app)
2. Google guarantees the app you install from Google Play is exactly the APK file the developer uploaded; i.e. you know that Google Play app page is that developer’s, not someone else’s.
Does Google review the code of apps submitted to Google Play and guarantee the app is safe?
No. Google simply reviews the app features and content. If they find content in the app they don’t like, they ban the app. As simple as that.
So what does Google Play protect me from?
1. Google Play protects you from content Google doesn’t like; e.g. sexual & violent content, etc.
2. Google Play protects you from counterfeit APK files; i.e. you know you’re installing the official package the developer themselves uploaded there, not some modded APK files some other hackers might have tampered with.
Does Google Play protect me from bad developers? Bad code?
Remember, there’s no code review. When you install an app from Google Play, you’re just trusting that the app you’re installing is exactly the app package that the developer uploaded to the playstore, i.e. it’s the official software package from that particular developer and nobody else has injected any malicious code into that particular app package.
However there is no guarantee that the app itself is not malicious. This can be a good app or a malicious app, from a good developer or from a bad developer.
How to consider if a developer is trustworthy or not?
Look into the developer’s history, their app’s permission requirements and if they run advertising.
e.g. we’ve always publicly shared MHC’s permission requirements:
– microphone (for video recording)
– display over other apps (for running along other apps in background shooting mode)
– notifications (optional, Android T+ asks for this when MHC runs in service mode for background shooting)
– network access (to send support ticket & for license activation)
– modify or delete the contents of your USB storage (for file storage on older Android devices)
– control vibration (for vibration feedback)
– prevent phone from sleeping (so your recording won’t end prematurely)
– modify system settings (to control airplane mode so your recordings don’t get interrupted)
– All files access (to save files to any fully customized, hidden storage locations; Google has tighted up file storage permissions on Android so this permission is required on Android R+)
Also beware of apps that serve advertisements. When an app show you advertisements they collect your preferences and upload to the Ad network. They don’t hesitate to make profits out of your privacy.
We live by a different philosophy.
MHC never joins any Ad networks.
MHC never serves any advertisements.
What if I don’t trust a developer?
If you don’t trust a developer, do NOT even install their app from Google Play.
What APK files are safe?
If you trust a developer, the next question is whether to trust that APK file.
Bottom line, only download APK files from the developer’s official channel.
E.g. download MHC from our website here, because it’s our official website, the APK file here is guaranteed to be our official package.
But do NOT ever download MHC from other websites; because it’s possible someone might have downloaded our APK file and injected some of their code into it and let you download it there. To enhance security, we now even publish the SHASUM of our APK file on our downloads section so users can double check the package they download is our official, clean APK.
Why has Google pulled MHC off Google Play?
One of MHC’s primary design goals has been to guarantee offline safety for users; so MHC hides the spy camera app beneath another truly functional notepad app, and MHC is installed as “Simple Notepad” on the device. This way, even if your friends and family use your phone they wouldn’t find a spy app there. There’s no way anyone would know that you use a spy app.
However Google doesn’t like the concept about spy camera and even less so our idea of hiding a spy app beneath a notepad app so they’ve taken MHC off Google Play.
Does this mean MHC is less safe than other apps on Google Play?
As said above, Google Play only guarantees they like the content of the app and you’re downloading the official app package.
So by offering our official APK package on our official website here, there’s not even a bit of difference in terms of safety & security.
This is our site, this is our APK package; as long as you download the APK here from our site, we guarantee this is a clean APK file.
Why users are even more safe now that MHC is not on Google Play?
Because we guarantee users a perceptual license while Google Play doesn’t.
If you purchase any apps on Google Play, when Google suddenly pulls the app off the shelves (which, they do) you will not be able to re-install the app. You will lose all your investments. In fact many people have suffered from that already.
Now that we run our own licensing platform, we assure our users can always come back to our website, re-install and re-activate their purchased licenses. This way we’re the only spy solution provider that truly protect your investments.