Malicious APK Sideloading Scams via Phone Calls
How scammers use phone calls to convince Android users to install malicious APK files outside the Play Store, granting attackers remote control of the device.
Last reviewed: 8 June 2026
APK sideloading allows Android users to install applications from sources outside the Google Play Store. While this has legitimate uses, it is also the primary vector for installing malicious applications that would be blocked by the Play Store's review process. Scammers use phone calls to guide victims through the sideloading process, impersonating bank fraud teams, tech support staff, or government officials.
The victim believes they are installing a security tool, a verification app, or a screen-sharing utility at the instruction of a trusted caller. In reality, they are installing a remote access trojan (RAT) that gives the attacker full control of the device — including access to banking apps, two-factor authentication codes, and contacts.
How this scam works on phone calls
A call arrives from someone claiming to be from the victim's bank, a government agency, or a major tech company. The caller says a security issue has been detected on the device and that a protective app must be installed immediately. They direct the victim to download an APK file from a link sent by SMS or provided verbally.
The caller walks the victim through enabling the Android setting that allows installation from unknown sources, then through installing the APK. Once installed, the attacker has remote control of the device. While the call continues, the attacker accesses banking apps, approves transactions, and exfiltrates two-factor authentication codes.
Common red flags
- Caller instructs you to download and install an app from a link rather than the official app store
- You are told to enable 'install from unknown sources' or 'unknown apps' in your phone settings
- Caller claims your bank or device has been compromised and requires immediate remote action
- The app you are directed to install has a name resembling a legitimate security or banking tool
- Caller requests screen-sharing or remote control access as part of the process
- Caller creates urgency: act now, or you will lose access to your account or face a fine
How to protect yourself
- Never install an app from a link provided by an incoming caller — install only from official app stores
- Hang up on any caller instructing you to install software and call the organisation back on a verified number
- Never enable installation from unknown sources at the instruction of a caller
- Real banks and government agencies do not instruct customers to install apps over the phone
- If a malicious APK was installed, perform a factory reset and contact your bank immediately
How to report it
- Report to your bank's fraud team using the number on the back of your card
- Report to Action Fraud (UK) or IC3 (US) if financial loss occurred
- Report the phone number to your national telecom regulator
Frequently asked questions
What is 'sideloading' and why is it dangerous?
Sideloading means installing an Android app file (APK) from a source outside the Google Play Store. It bypasses Play Store safety checks. While some legitimate apps require sideloading, installing an APK at the instruction of an unknown caller is a serious security risk.
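A check that follows from this definition, as an added example that is not part of the original page: it reads the output of `adb shell pm list packages -i -3` (third-party packages with their recorded installer) and lists every package whose installer is not the Play Store. The package names in the sample listing are constructed, and the trusted-installer set is an assumption to adjust per device.

```python
"""Flag third-party Android packages that were not installed by the Play Store.

Input is the text printed by:  adb shell pm list packages -i -3
"""
import re

# Installer package name recorded for apps installed by the Google Play Store.
PLAY_STORE = "com.android.vending"

# Assumption: other installers the device owner trusts (e.g. an OEM store)
# would be added here; this set is illustrative, not a vetted allowlist.
TRUSTED_INSTALLERS = {PLAY_STORE}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")

# Constructed sample output; the com.example.* package names are made up.
SAMPLE_LISTING = """\
package:com.example.bank  installer=com.android.vending
package:com.example.securityhelper  installer=com.google.android.packageinstaller
package:com.example.remotesupport  installer=null
package:com.example.notes  installer=com.android.vending
this line is not package output
"""


def find_sideloaded(listing, trusted=TRUSTED_INSTALLERS):
    """Return sorted [(package, installer)] for packages with an untrusted installer.

    installer=null (no installer recorded) and the system package installer
    both point to an APK installed from a file, so both are flagged.
    """
    flagged = []
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package row
        installer = match.group("installer")
        if installer not in trusted:
            flagged.append((match.group("pkg"), installer))
    return sorted(flagged)


if __name__ == "__main__":
    for pkg, installer in find_sideloaded(SAMPLE_LISTING):
        print(f"review: {pkg} (installer: {installer})")
```

A flagged package is a candidate for review, not a verdict: some legitimate apps are sideloaded, so compare the list against what the device owner remembers installing.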