I have always recommended downloading browser extensions and mobile apps only from the official web and app stores provided by Google, Apple and Mozilla.
While some nasties do occasionally slip through, they do take great pains to ensure that the extensions and apps they allow into their repositories are safe and malware-free.
I still recommend that you limit your downloads to those official repositories, but I need to tell you about a disturbing trend that’s taking place right now.
Although Google, Apple and Mozilla do a great job at preventing malicious extensions and apps from being approved and placed in their repositories, some downloads that were safe previously eventually go over to the dark side and morph into malware.
And this problem is getting worse by the day.
Some of the “good apps gone bad” are altered by hackers without the knowledge or consent of their original creators, but others are actually altered by the creators themselves.
What happens is they’ll submit a truly useful (and safe) app to a repository, then change the app after it becomes popular to cause it to start delivering malware, steal user information or perform some other malicious act.
Still other legitimate extensions and apps are sold to new owners who will secretly modify the code in a malicious way.
What all of this means is you could well be using a browser extension or mobile app right now that was completely safe when you installed it but is now doing mischief on your computer, smartphone or tablet.
This really hits close to home for me. I’m always testing and reviewing new browser extensions and mobile apps and recommending the ones I find interesting and useful.
Unfortunately, several of the products I’ve recommended over the years ultimately moved to the dark side. That’s why we all need to watch out for “good apps that have gone bad”.
Now I’m not going to suggest that you immediately go and remove every extension and app that’s installed on your machines. That would be over-kill.
What I do suggest is that you take a few minutes to quickly review of each of your installed extensions and apps to determine if any problems have been reported by others.
There are a couple of ways to do that, and I recommend that you do both:
1 – Type the name of the extension or app (followed by the word “extension” or ‘app” as appropriate) into Google and then click the “News” link. If that extension or app has gone to the dark side there will probably be news reports about it.
2 – If nothing concerning shows up with the Google search, visit the download page for the extension or app in the appropriate web or app store to see if the latest reviews contain negative comments about the download spreading malware or performing any other dirty tricks.
If there’s any indication at all that an app or extension might be misbehaving I recommend that you remove it from your device.
It would probably be a good idea to repeat these quick reviews of your apps and extensions about once per month.
It’s also wise to limit the number of apps and extensions you use to the ones you truly need and use on a regular basis.
After all, every piece of software that’s installed on your device will clog up the works a bit and provide another potential avenue of attack for hackers and scammers to break into it and use it for malicious purposes.
Bottom line: Just because a browser extension or mobile app starts out legit that doesn’t mean it will always stay that way.