first : let me say I have googled.

yesterday i was browsing a very popular website for the first time (its about cars, I'm planning to buy one). what happened was i think one of the advertising caused a pop-up (another tab on android) and it automatically caused a download of an apk - without any interaction of my part.

while the download bar is showing, I quickly swipe right.

- so, does this cancelled the download? i do notice the file exist, maybe partial download?

in the security setting, I doesn't allow installation from unknown source

- so, the APK won't be installed, right?

I think it is strange that is happening, since I was using Chrome and not the provided Samsung Internet. Not starting an app war, is Firefox better on Android in stopping this drive by download? Thanks.

http://android.stackexchange.com/questions/38907/how-to-trace-a-drive-by-download

from the link above, it seems that androind is not investigation friendly, but from the download folder is seems the apk is MoboMarket.apk. A quick google lead me to this:

http://www.hotforsecurity.com/blog/mobomarket-gets-new-users-via-scam-7300.html

Does anyone else experience this? Drive by download of MoboMarket.apk? Thanks.

Yes, there are known exploits. Yes, there are likely several exploits on all the applications. Multiple layers of security is always pefererd, updated browser, some malware scanners, and turn off non-store installs and developer options.

Chances are good that your phone doesn't have the latest patches, unless perhaps it is one of Google's Nexus devices since Google keeps releasing updates for them. Everyone else you might get the first major OS update but no other updates and patches.

No idea if the app will be installed or not, if it had time to download and run a backdoor install then you'll need something that can detect and clean it. If you stopped it, then you stopped it.

There is most likely no reason to worry as you just downloaded an APK. Androids browsers automatically download files to which you are redirected without prompting you first, just like chrome does. Even with the fully downloaded APK nothing will happen if you don't install it by yourself.

To be able to install an APK without prompting you the website would need to exploit your browser, then root your device and then call the package manager directly. IF the website could do that you would never see the download in the first place.

It is (in my experience anyway) quite common for ads to just redirect to the Play Store or download the APK hoping that the user installs the application. Just like those "Your flashplayer is outdated"-ads.

Don't worry, this is not what is normally is refered to as "drive-by-download".

Edit: Spelling

There is most likely no reason to worry as you just downloaded an APK. Androids browsers automatically download files to which you are redirected without prompting you first, just like chrome does. Even with the fully downloaded APK nothing will happen if you don't install it by yourself.

To be able to install an APK without prompting you the website would need to exploit your browser, then root your device and then call the package manager directly. IF the website could do that you would never see the download in the first place.

It is (in my experience anyway) quite common for ads to just redirect to the Play Store or download the APK hoping that the user installs the application. Just like those "Your flashplayer is outdated"-ads.

Don't worry, this is not what is normally is refered to as "drive-by-download".

Edit: Spelling

Phew. Thanks.