* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Application Advisory/Analysis](https://www.paloaltonetworks.com.au/blog/category/application-analysis/)
* The Rise of Untrustworthy...

# The Rise of Untrustworthy Apps in App Stores

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2014%2F09%2Frise-untrustworthy-apps-app-stores%2F)  
[](https://twitter.com/share?text=The+Rise+of+Untrustworthy+Apps+in+App+Stores&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2014%2F09%2Frise-untrustworthy-apps-app-stores%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2014%2F09%2Frise-untrustworthy-apps-app-stores%2F&title=The+Rise+of+Untrustworthy+Apps+in+App+Stores&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2014/09/rise-untrustworthy-apps-app-stores/&ts=markdown)  
\[\](mailto:?subject=The Rise of Untrustworthy Apps in App Stores)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
Sep 02, 2014  
4 minutes  
[Application Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/application-analysis/?ts=markdown)  
[Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown)  
[Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown)  
[Advanced Endpoint Protection](https://www.paloaltonetworks.com/blog/tag/advanced-endpoint-protection/?ts=markdown)  
[app store](https://www.paloaltonetworks.com/blog/tag/app-store/?ts=markdown)  
[Application Security](https://www.paloaltonetworks.com/blog/tag/application-security/?ts=markdown)  
[Google Play](https://www.paloaltonetworks.com/blog/tag/google-play/?ts=markdown)  
[mobile](https://www.paloaltonetworks.com/blog/tag/mobile/?ts=markdown)  
[mobile security](https://www.paloaltonetworks.com/blog/tag/mobile-security/?ts=markdown)  
[Mobility](https://www.paloaltonetworks.com/blog/tag/mobility/?ts=markdown)

If you've been following the news, you may have seen the recent stories discussing the issue about ["fake" apps](http://www.howtogeek.com/194993/the-windows-store-is-a-cesspool-of-scams-why-doesnt-microsoft-care/) appearing in the Windows Store. Over the past few weeks, [efforts have been underway to clean up the worst offenders](http://gizmodo.com/microsoft-purges-1-500-fake-apps-from-the-windows-store-1627813167), but the issue I wanted to call attention isn't so much the app store itself. How, as an organization, can you trust the apps that users install on their laptops \& mobile devices? And even if you do, what can you do about handling the emergence of exploits against various apps?

App stores for desktop operating systems provide a way for users to find the apps they want without having to search the Internet. It's a concept borrowed from the app stores that appear on mobile devices. The security-conscious user knows better than to download and install a random application, but the average user does not. By providing an app store, the user can visit an authoritative (and curated) collection of apps, which is generally safer than letting users find apps on their own. With integration into the operating system (the search function in Windows returns results from the Windows Store, for example), users can get what they need without having to look for it on their own.

However, not every app a user desires is in the app store, and in spite or even in the absence of a legitimate build, fake apps appear. Keep in mind, these aren't pirated apps, but rather unofficial builds of an app with extra libraries or hidden functions embedded within. For example, many popular apps are open source projects, which make it possible for anyone to submit their own build to the app store. The end user may not know who the "official" publisher is, and could end up picking one at random. These unofficial builds are not necessarily created for benevolent reasons, as an unscrupulous author might add a price tag to an otherwise free app, as well as add additional functions to the code, such as inserting ad network libraries, scams, or even malware.

If this sounds familiar, you may recall earlier this year, [we published research on the use of the same technique](https://www.paloaltonetworks.com/blog/2014/04/palo-alto-networks-discovers-new-trend-mobile-malware-distribution/) in the Google Play store.

These issues are particularly troubling because some of the more aggressive ad networks can harvest details about a user's information and take advantage of the network connection to deliver the payload without the user's knowledge.

Now keep in mind that some app stores are better than others. The official app stores tend to be much better at cleaning up apps with bad behavior than some of the others, and as a general rule of thumb, it is sensible to use official app stores instead of some of the others. But as we continue to see, there are always new techniques that can be applied to trick users.

As an organization, good security depends on being able to understand app behaviors, and use a combination of both network and endpoint security along with intelligence on threats to identify dangerous conditions inside the organization. An additional factor that you may want to consider is the ability to discern whether a particular device (a laptop or mobile device) is compliant with an organization's IT policy before granting access to more sensitive resources.

These principles are all part of the Palo Alto Networks enterprise security platform, and help you establish control over the apps that people use, along with continuously applying a deeper understanding of the condition of the devices and as well as the person using them.

Find out what's possible by reading more about [Palo Alto Networks advanced endpoint protection](https://www.paloaltonetworks.com/products/endpoint-security.html) and our platform.

*** ** * ** ***

## Related Blogs

### [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Q4 FY18 Global Partner Webinar Recap](https://www.paloaltonetworks.com.au/blog/2018/07/partner-q4-fy18-global-partner-webinar-recap/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Introducing Traps for Android](https://www.paloaltonetworks.com.au/blog/2018/06/introducing-traps-android/)

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Traps "Recommended" in NSS Labs Advanced Endpoint Protection Test](https://www.paloaltonetworks.com.au/blog/2018/04/traps-recommended-nss-labs-advanced-endpoint-protection-test/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Announcing Traps 5.0: Cloud-Delivered Advanced Endpoint Protection](https://www.paloaltonetworks.com.au/blog/2018/03/traps-5-0/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown)

[#### Forrester Evaluated: How Traps Reduces OpEx and Breach Prevention Costs](https://www.paloaltonetworks.com.au/blog/2017/12/forrester-evaluated-how-traps-reduces-opex-and-breach-prevention-costs/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown)

[#### Traps Prevents Ransomware Attacks](https://www.paloaltonetworks.com.au/blog/2017/11/traps-prevents-ransomware-attacks/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language