Android makes it ridiculously convenient to get new apps; you only need to head to the Play Store, look up the app, and tap install. However, you cannot find every app on the official Google store even though it offers millions of titles. For example, some apps that don’t comply with Google’s rulebook or aren’t published because their developers don’t want to pay Google a cut can only be sideloaded, which refers to installing them from sources other than ones that have been officially approved (via Samsung). Usually, this is done via APK files.
APK files are Android installer packages downloaded from the internet, and they’re often provided by third parties like websites dedicated to hosting the files. These apps can be installed on Android phones, tablets, and smart TVs; also, you can sideload APKs on Chromebooks. Support for these files gives users a wider selection of apps, but it takes a few extra steps to install them. Some apps are exclusively offered as APKs, while others are rolled out as APK files before their latest updates hit the Google Play Store. Similarly, if you want to roll back to an older version of an app, APK repositories are always your best bet. With that said, downloading these installer packages and sideloading the apps can also put your privacy and security at risk, and that’s why you should be careful and take steps to stay safe.
Installing APK files on Android is risky
Since third-party app installer packages aren’t sourced from official channels, sideloading lacks quality control. Virtually all apps downloaded from the Play Store are secured with Google Play Protect, which monitors your library for potentially harmful apps and runs safety checks before they’re installed on your Android device, as explained by Google; sideloading via APK files leaves you without that safety net. Pirated apps are distributed via APK packages, too, meaning the developers who created the titles don’t get your support if you download them this way. Piracy isn’t the only concern when you’re sideloading APK files, though. Malicious vendors can inject a regular app with adware or malware, compromising the health and safety of your Android smartphone or tablet. Adware can make the UI experience annoying at best or unusable at worst, and malware spread through APK files can spy on you and steal sensitive information like passwords and personal files.
Because of this genuine risk, Android has built-in security features to prevent malicious apps from being sideloaded — that is, Android doesn’t allow app installations from unknown sources by default. On Android 7 and older, this access had to be enabled globally, but the newer versions of Android give users finer, more granular control over which apps can be installed using APK files. Regardless, you should stick to more trusted APK repositories like F-Droid if you want to operate outside of the Play Store, plus you should avoid shady, piracy-focused sources. If you must install an app from a third-party source, try running the APK file through a virus scan before installing it to make sure it’s (hopefully) safe.