How How risky is downloading Modded APK games(that could contain malware)?

DeletedUser655

If I do these security practices:

download modded APK games on guest account.
disable "Allow guest to make phone calls" , and "Send notifications to current user".
Won't log my accounts (expect for google burner account which will be discarded when i delete guest account), and I don't put my put sensitive/personal data on guest account.
When i am done using my phone, i will switch to owner account instead of leaving on guest account on idle so apps won't run on backround.
Won't disable "Exploit Protection compatibility mode" on modded APK games on guest account.

And i won't bother to use a VPN because i don't care about network fingerprinting (due not wanting to spend $ on a monthly subscription, and have slower internet speed). And I will only enable network access to specific Modded APK game, if it requires network connection to run.

DohnJoe

DeletedUser655 Won't disable "Exploit Protection compatibility mode" on modded APK games on guest account.

You cannot know this until you install the app, unless you already decided to give up the modded apk if it is not compatible with the exploit protection.

DeletedUser655 and have slower internet speed

While this is technically true, you won't really notice the difference unless you have poor connectivity.
You would notice more the battery drain if you use anti AI tracking and/or porst quantum encryption.

@dhhdjbd has a point, nobody has a crystall ball to predict the future.
If I had even only the doubt I could "lose" my device to someone else, I would just skip the modded apk on my smartphone.

littlerack

DeletedUser655 f I do these security practices

still very risky

meowijuana

DeletedUser655 it depends on exactly what it's doing, you could always stick one in virus total and poke around. Telegram APK's are a huge vector for malware propagating nowadays, just be careful.

Vsratoslav

By 'modded' you mean pirated?

dhhdjbd

not sure how anyone should answer this.

like what do you mean "how risky"?

in your described configuration, a malicouse application with exploits could steal all your data and gain complete control over your device, atleast until you reboot.

how likely it is that this happens, i doubt anyone can answer that

Grapi

The question can be framed more abstractly as follows:

If a highly destructive virus or malware were intentionally installed on a guest user account, how harmful could it be, and what is the worst‑case scenario?

nologo

Grapi The question can be framed more abstractly as follows:

If a highly destructive virus or malware were intentionally installed on a guest user account, how harmful could it be, and what is the worst‑case scenario?

Well, if the virus or malware is in fact destructive, it will destruct stuff... Worst case scenario: probably something along the lines of stealing all your data and rendering your device useless, or something?
Bad answer? Off course it is, but only because it is such a useless hypothetical question. There are no good answers to bad questions.

If OP expects GOS will simply protect them from all the potentially harmful consequences of downloading apps that have been tampered with, then they are wrong.

Just stay away from 'modded' and pirated software. Even if you don't experience any harm in your case, you are still supporting illegal activity and attributing to the distribution of malware. Just don't.

Blastoidea

Walk on thin ice …… be prepared to fall through.

Novalissoide

nologo There are no good answers to bad questions

Wrong, since you just gave a good answer. 😉

starglider

Of all the platforms in existence, GOS is probably one of the safest ones on which to do things like this (running isolated VMs being the other). AOSP has itself very strong sandboxing for apps, GOS significantly hardens various aspects of the OS, and using a separate profile provides further isolation.

All that said, you're still installing known malware on your device, which presumably contains sensitive personal information. That's pretty much always a Bad Idea™. All software has security bugs; just look at how many Android CVEs get issued every month and consider that every so often there's one that impacts sandboxing or provides a link in a chain for an app to break out.

Realistically, these pirated APKs are probably not engineered by extremely sophisticated engineers taking advantage of zero-days and "one-days." Most of them probably do obvious stuff like try to get accessibility permissions or "display over" permissions and that sort of thing to steal credentials.

Still, if it were me, I'd do this on a physically separate device that I never connect to my primary LAN. It's hard to answer, because nobody here knows your personal risk tolerance.

subwoofer

If the op is asking whether malware running in a secondary user account can affect anything outside of that account I'd be quite interested in the answer. Not that I'm planning to play "modded apk" games but I do have a test user account which I use without caution believing whatever I do cannot affect the others