iQoncept - Fotolia

Unknown apps: How does Android Oreo control installation?

Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver explains what this change means.

The latest Android update -- Android Oreo -- removed the allow unknown sources switch that gave users the ability to load apps on their devices from outside of the Google Play Store. What does this mean? Has the feature gone away or are there other ways to allow apps from third-party sources?

Android Oreo did remove the install apps from unknown sources option from its security settings, which gave users the ability to do just that -- install apps from sources other than the Google Play Store.

However, Google substituted that option with a better feature known as install unknown apps. Now, the user must agree to each app being installed that's not from the Google Play store. There is a new menu in the apps section of the settings that enables specific apps -- which the user chooses -- to install programs from unknown sources.

For example, the user might allow Chrome to install unknown apps because the user is looking up APKs from a site like APKMirror. The user typically would not want a game to install apps from unknown sources because there would be no need for it to do so.

With Android 7.1 and below, it was either all apps had access to installing apps from unknown sources or no apps had access. This made it easier for something like a virus to trick the user into installing an app they did not want.

Any app that the user allows to install from unknown sources agrees to a message stating: "Your phone and personal data are more vulnerable to attack by unknown apps. By installing apps from this source, you agree that you are responsible for any damage to your phone or loss of data that may result from their use."

With the install unknown apps feature, Android gives a fair warning about unknown sources and helps users make sure they know what they're installing. However, mobile security best practices typically frown upon installing apps from any sources other than legitimate vendor app stores or private, enterprise-approved app catalogues. Even legitimate sources, like Google Play and Apple's App Store, can sometimes let fake and fraudulent apps past their security screening.

Generally, enterprise security policies for both BYOD and company-owned devices prohibit the installation of apps from any source other than a preapproved app store.

Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)

Dig Deeper on Application and platform security