15 comments

[ 15.0 ms ] story [ 514 ms ] thread
Are there any apps designed to specifically gate every install, including background OTA installs sent by carriers, because I'm security conscious with my devices but I have family who very much are not.

Ideally, I can just nag my non-tech savvy relatives to let me install such a security app for them and then enjoy having peace of mind for their behalf.

I reported problems about applovin sdk clicking on/opening ads on ios apps like a decade+ ago. have never used them since.
> Why would Samsung, T-Mobile, and others grant AppLovin the ability to install apps?

Exotica like Fairphone and PinePhone are starting to look pretty good...

AppLovin has been doing this for a long time. BlueStacks and some other vendors have been doing this for literally a decade.

The root problem is that Google Play is poorly curated. One problem it has is that it ranks apps that have many downloads higher than those with fewer downloads. AppLovin is used to boost downloads for the purposes of the Google Play algorithm.

Of course, this is known to Google.

AppLovin makes a gargantuan profit margin of 45%:

https://valustox.com/APP

Even so, I avoid stocks that don't have a sustainable, value-based business model.

I really hope Unity gain more mobile gaming ads market shares away from AppLovin.
I looked through the AppHub APK last year after a friend told me they'd found unknown apps installed on their flagship Samsung, and I was very surprised to find some of the same "direct download" references you did.

I've known for a long time that T-Mobile shipped junk apps upon initial setup, but seeing them loaded OTA after a single click on an ad (even a few pixels off of the "x" button) is very concerning. Even putting aside the moral issues with practices like this, that's a huge security hole in a very large percentage of Android phones.

> ad tap (just clicking an ad, potentially a misclick aiming for a tiny X button, with no Install button even visible on screen)

> AppLovin’s X’s are unusually tiny, so mis-taps are especially likely

This is why I use Intent Intercept - https://f-droid.org/en/packages/de.k3b.android.intentinterce...

It tells me exactly what's about to happen from my tap(accidental or intentional), and gives me the option to undo my tap.

Every privacy/security conscious Android user should have Intent Intercept installed on their devices already.

Makes sense. Pretty sad to have to install a tool like that to get security on a platform that is used by billions of users. Even more shocking that apps get installed just from clicking a small close button on a silly ad without even prompting for the install?

Installing random tools to hopefully get more security, though is risky also. Hopefully that tool doesn’t get compromised as it is privy to all intent activity.

> Pretty sad to have to install a tool like that to get security on a platform that is used by billions of users.

You click on a banner ad inside an app, and if you have Intent Intercept installed, it won't immediately register as an "impression" and take you to wherever the banner has been programmed to take you to by default. Since Intent Intercept also affects the ad industry(of which Google is a big part), I don't expect Google to build a similar less-nerdy tool into Android by default.

> Installing random tools to hopefully get more security, though is risky also. Hopefully that tool doesn’t get compromised as it is privy to all intent activity.

Intent Intercept is open source(Apache License 2.0 https://github.com/k3b/intent-intercept) and its release binaries are hosted on F-Droid, arguably the most trusted Android "store" for Free and Open Source apps. So I'm not too worried.