I would strongly urge everyone to never, ever download applications to your devices (computer, phone tablet, etc.) from untrusted (3rd party) sources.  The best rule of thumb is to always download apps from the vendor’s store (Google Play, Apple app store, Samsung store, etc.). When I say untrusted, 3rd party sources, I'm referring to visiting random websites to download an app not found in the vendor's store or downloading/installing a stand alone file for your mobile device (such as an apk file for Android).

Downloading apps from the vendor’s store can still be risky, but the companies behind the app stores do remove malicious apps once they are identified.  Even though they do their best to remove malicious apps, it is important to pay attention to the permissions required to run the app.  Will have another blog post regarding permissions, but I think the biggest warning is to avoid apps asking for administrator permission unless you truly trust the app, it's creator, and know exactly why it needs administrative permission.  For now let's get back to only downloading apps from approved app stores (Google Play, Apple Store, etc.).  Downloading apps from sources outside of the vendor’s store is asking for serious trouble.  For example, when Pokemon Go came out in July of 2016, it was only available in several regions (like New Zealand).  News outlets were explaining how people could get the game early by going to various non-vendor stores (3rd party locations) to download the game.  They even provided instructions on how to change your security settings in Google to download the game (this should fall into the category of not always trusting what you hear on the news and/or blindly following their advice without doing your own research).  People flocked to the 3rd party sites and downloaded Pokemon Go before it was released in Google Play.  What did they get for their eagerness?...a phone infected with malware.  Pokemon Go isn't the only app infected by malware released by non-vendor approved sites.  Hackers often use popular apps to trick users into downloading malware.  Hackers will even re-bundle popular apps with malware if the vendors remove the app from their stores.  A lot of times the vendor will remove apps if they are malicious, so if you can't find the app on their approved store it is best to avoid downloading it in other places.  There are rare occasions where apps are not on the Google Play or Apple store and it is required, but that is very, very rare for most normal users.  So again, my best advice is to avoid downloading apps from un-trusted, 3rd party sources at all costs, unless you 100% trust the source and can verify the app is safe.

To go along with this post, I will have additional posts discussing app permissions and why it isn't a good idea to root your device, so be on the look out for those in the future.