I just saw a post about the new android market and it includes a link to download the app from a file sharing site. I'd like to explain why this can be dangerous. Malware Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior. File Sharing File sharing sites, such as Megaupload, offer apps that are easy to download and install. The downside to this is you don't know what's inside the app and these sies rarely, if ever, decompile apps and check them for malware. The apps these sites offer could be laced with code that grabs your every keystroke (SSN, mother's maiden name, etc.) and send the information to an identity thief. It's not difficult to decompile an android app, write in new code, recompile and upload it to a file sharing site for users to install on their phones - android developers do it all the time. The difference lies in who altered the app and why. If someone gives you an app ask where it came from. The person giving the app away could have downloaded it without thinking about the security of their phone. The best practice is to only install apps from a trusted source. Android Market Google has the ability to remove an app from the android market if it's found that the app is malicious. Google can also remove the app from android phones if they feel the need, though they always inform users before this happens. Trusted Sources God bless Forums, android phones would go EOL much sooner if it weren't for 3rd party developers. Installing an app outside of the android market is a questionable practice. However, you can mitigate the risk by researching the developer. If the developer of the app in question is well known and has a good reputation then I'd say it's worth the risk. If the developer is unknown, and you really want the app, ask the developer for the source code so that you can audit/compile the app yourself - or ask someone else if they can do this for you. Be very suspicious of an app to which you are not allowed the source code. It's not enough to simply obtain and audit the source code without compiling from the sources because the source code and the actual app could be two different things. If a well known developer posts a link to a file sharing site then I'd say it's safe but avoid installing apps when you're not sure who developed the app. Permissions The default package installer on android devices will list the permissions an app is asking for prior to installing the app, always pay attention to these permissions. If an app is asking for full internet access, stop and ask why. Does a flashlight app really need internet access in order to function? No, it does not. Why would a flashlight app be asking for full internet permissions? The only thing I can think of is the app has the ability to send your private information to someone else. Should you install this app? Not for all of the tea in China. It's your phone and your information, keep it safe. There are people out there who pay money for social security numbers, mother's maiden names, dates of birth and the like.. don't become a statistic. Information security is a journey, not a destination.