Or F-Droid or even APKPure, for that matter.
Personally, I install APKs from wherever. 
Lucky Patcher, for example canât be downloaded from an App Store.
2 Likes
Yes because Lucky Patcher itself may not be harmful, but it can be used to manipulate other apps. Google simply donât allow this and thatâs the reason for itâs non-avaibility on playstore
1 Like
I know. Iâm just saying I get a ton of apps from sources other than Google Play, and anyone can stay safe as long as they know what theyâre doing. Antivirus for Android would be pretty useless if it didnât have root permission (because a real virus could be anywhere, not just in /storage/emulated/0).
2 Likes
Yeah, that was the problem that @Kanishka_Developer also mentioned. In my reply I thought
When there is no good antivirus, here is the way to we to make one
An one, that does not have a paid plan. One, that is Open-Source (Yusuf knows how important is it to me). One, that does not disturb you with ads. One, that is not fake.
1 Like
But it would need then to gain root access somehow, which is, as long as the users know, what theyâre doing, cannot be done.
1 Like
Actually no, because almost every day some malware apps adding to Google Play. And Google is trying to delete and find them. Donât trust the âScanned by Google Play Protectâ label always.
After you install an APK to your phone (not via Play Store) it will gain some permissions automatically. And if you give additional permission to the app, it can do almost anything without asking for root.
Device Administrator
An app can do these things below when the user taps âActivateâ. Also, the user canât delete apps which device administrator is enabled. As far as you know.
Accessibility Permission
After you give Accessibility permission to the app, it will gain access to tracking what is going on the screen.
Now think that user activated these permissions for the virus. Now, deleting data and modifying settings is piece of cake for virus anymore. And these permissions donât require root or anything, because these permissions coming from Android itself.
Android.**** is one of Android viruses which asking these permissions. And after you grant it it can do these things without root:
Virus name and link is censored due to security.
So @Kanishka_Developer is right.
1 Like
We were talking about where malware can inject itself in the storage. Youâve done a pretty introduction of one of the bad software. I do not mean it is bad, just noticing
Kanishka mentioned that theme earlier. If the user is not able to read ~5 websites about the permissions and settings of Android, we can not help. Anyway, the average user installs apps they know, from Play Store. Yeah, here I am making arguments against myself 
One workaround would be to inform the user that a not manually-verified (by staff) app has access to important permissions like Acessibility.
2 Likes