Google has a notoriously lax app approval process. There are some positives to allowing easy access to the Play store, but Google’s attitude has also left their app store full of dangerous, device-hijacking software.

Malicious Android apps usually try to pass themselves off as other legitimate apps, which can leave the average user unable to tell the difference between the two. Here are some tips to help you distinguish the good from the bad.

1. Who’s the developer?

Every app’s page features the developer in plain view directly beneath the name of the app. You might not know offhand who the legitimate developer of an app is, but if the name sounds fishy, is spelled wrong, or isn’t capitalized properly you need to investigate further.

To check into a developer scroll all the way to the bottom of an app’s page on the Play store. Down at the bottom is a link to the developer’s website–give it a click to make sure it goes to a legitimate site.

SEE: Android Security Bulletin August 2016: What you need to know (TechRepublic)

A little above the website link you’ll see more apps the developer has published. Those other apps are a good indicator of who you’re dealing with–be sure it’s not just a bunch of copies of other apps or other junk.

Popular apps are some of the most frequently scammed and copied. If you’re planning to install one of those keep an eye out for the Google Top Developer icon next to the app developer’s name. It appears like a small blue diamond, and it lets you know you’re dealing with the right people.

2. Check permissions

You can see what permissions an app will need right at the bottom of the screen near the link to the developer’s website. All apps need at least some permissions in order to run, and while some need more than others, the permissions an app is asking for should match its function.

If you’re installing a game it might need to access the internet to pull down data, but there’s no good reason for it to attach to your social media, or access your dialer or contacts. It also shouldn’t be asking for control over network connections, or to be given access to install other apps.

When in doubt trust an app that asks for the least amount of permissions possible. The more it wants the more it’s going to worm its way into your phone.

3. What are other users saying?

Check the ratings on an app: if it only has a couple stars it probably isn’t worth your time, so just pass it up.

SEE: Why haven’t we seen the smartphone security apocalypse in iPhone and Android yet? (TechRepublic)

Make sure you read the comments too–users will report on bad apps, so scan through what people are saying about it. That’s not to say that malware developers don’t spam the Play store with fake reviews–keep an eye out for five star review after five star review that describe nothing and read in similar ways.

Other things you can do

Inspecting an app on the Play store can generally distinguish the good from the bad, but there are other things you can do to keep your device safe.

Be sure that you disable app installations from unknown sources. Casual Android users probably won’t ever have a reason to sideload an APK, so turning it off can protect you from apps outside the Play store. Open Settings, tap on Lock Screen And Security, and look for Unknown Sources. Toggle that off and you’ll be all set.

Also be sure to install an Android antivirus app. They can detect bad apps and help you get rid of them, as well as protect you from malicious websites and other things that can harm you and your device.

The 3 big takeaways for TechRepublic readers

  1. Investigate every app you want to install. Be sure the developer is legitimate, the comments are positive, and the app isn’t asking for atypical permissions.
  2. Disable unknown app sources to prevent a website from secretly installing apps.
  3. Make sure you have an Android security app installed on your phone. They do work and can save you a lot of trouble over one simple mistake.

Also see