BlueStacks is unquestionable, one of the most appreciated Android emulators out there, a fact is proven by its 400+ million user community. Although BlueStacks was designed for gaming, it’s also being used to test new Android apps before they’re published on Google’s Play Store – easier to test an app inside an IDE than downloading it on your smartphone. BlueStacks came out in the odd 2009 and, at that time, it had, more or less the same ‘legal status’ as Citra, Snes9x, or other Super Nintendo emulators – borderline legitimate.
BlueStacks is a popular and free emulator for running Android apps on a PC or Mac computer. BlueStacks doesn't look exactly like Android, but it's easy to use and you can install Android apps from. Bluestacks is absolutely safe for your system. Because there is no valid information for stating Bluestacks as malicious software. To begin with, we’ll take a quick look at what Bluestacks is, what is the purpose of using Bluestacks, and how to use it on Windows and Mac PC. Then, we’ll move further to find an answer to the question- Is Bluestacks safe for my PC, and also to why it is considered as a possible threat. Dec 01, 2020 In fact, Bluestacks is safe for your PC even though it may be detected as malware by your antivirus programs. But there is no accurate evidence showing that Bluestacks is malicious. When installing Bluestacks on the PC, sometimes users are asked to disable antivirus protection. If you have set some overprotective securities, some essential.
Later on, that status became less cloudy, particularly because Android is (semi) open-source (i.e., some costs may apply to manufacturers who want to install Google Mobile services). For a while now, people have been wondering about the security aspects of this Android virtualization environment.
Is BlueStacks Safe? Well, since this is an Android emulator, BlueStacks may have had inherited the same security flaws as its mobile counterpart. In this article, I will be challenging the latter statement for the purpose of ‘round-tabling’ the cybersecurity concerns associated with using BlueStacks for anything from QAing to developing full-fledged, mobile-friendly applications. Enjoy and stay safe!
What is BlueStacks and how do you install it?
As I was saying in the intro, BlueStacks is a free Android emulator best suited for those who prefer mobile gaming without actually gaming on a mobile device. BlueStacks can be deployed on any Windows or Mac-compatible machine and has the same looks (and feel) as the real McCoy.
The emulator has many game-ready features such as mouse + keyboard tailor controls (e.g., MOBA mode, shooting mode, macros, etc.), multi-instance (i.e., allows you to run multiple apps at once), and eco mode, which helps you harmonize system resources while running multiple BlueStacks instances at the same time.
The latest version of BlueStacks (v4) comes with various pre-installed applications such as Google Play Store, Gmail, a file explorer that allows you to load custom (and often unsigned) .apk files, and much more. In other words, BlueStacks is the proverbial one-stop-shop for developers and users alike who want to enjoy the wholesomeness of Android without necessarily owning an Android device.
BlueStacks does not require special permissions in order to be deployed on a machine, provided that you’re running in admin mode. Just download the .msi package from BlueStacks’ official website and execute it on your machine. Additional configuration is not necessary with version 4 – every utility’s preloaded so, at this point, the only thing you’ll need to figure out is how you’re going to use it.
Personally, BlueStacks is a great addition to any virtualization software and, by far, the most stable. Sure, you can virtualize Android with just about any emulator you can get your hands on, but don’t expect performance.
I still have a hard time believing that Oracle’s VirtualBox, although capable of running dozens of emulated operating systems, still glitches when you try to run Android – and yes, I did ramp up the cores and RAM dials, but to no avail. Anyway, BlueStacks has been sufficiently well optimized as to allow both gamers and developers to reap its benefits. Yes, this Android emulator can be used for things like debugging, testing, patching, and everything in between. Developers tend to use BlueStacks in conjunction with some form of specialized IDE such as Eclipse.
No doubt, a very interesting piece of software and to think that this project was started simply because game players wanted to add that keyboard + mouse soft-touch to their Android experience.
Summing up: BlueStacks is open-source gaming and debugging Android emulator. It sports all kinds of cool features, from customizable gaming modes to DevOps tools. Now that we have this out of the way, let’s discuss about the cybersecurity concerns looming around this Android emulator. So, is BlueStacks safe?
Addressing Cybersecurity Concerns of Android Emulation Software
A quick Google search BlueStacks’ security concerns render some pretty interesting, if not confusing, results. Most of the websites I’ve consulted in order to piece this article together have the same ‘lighthearted’ conclusion – sure, your AV might flag the .msi package as malicious, but BlueStacks is 100% safe. And, my favorite – BlueStacks wants to mess around with your UAC policy. Sure, allow it; what’s the worse that could happen? The team behind the evergreen Android emulator put a lot of ‘elbow grease’ in order to plug all the security holes. Naturally, v4 of BlueStacks is far more secure compared to its predecessors.
CVE-2019-12936: IPC Misconfig
Now, in 2019, Nick Cano, a cybersecurity researcher, and ethical hacker, came knocking on BlueStacks’ door saying that the app has some major issues. One of these issues, which was nicknamed CVE-2019-12936, popped up in or around April 2019. With a severity score of 7.1 on the CVSS scale, this vulnerability, which was thoroughly documented by NIST, proved that BlueStacks was prone to cross-scripting via a defective IPC mechanism & interface which had no auth functions enabled.
More specifically, using DNS Rebinding, the victim’s machine would start attacking targets on the same network. This vulnerability would have also allowed for REC (i.e., remote execution of code), lading to data leaks, backup theft, and other mishaps. No incidents were reported prior to Cano blowing the whistle on BlueStacks. One thing I forgot to mention: this vulnerability was discovered in versions lower than 4.0. BlueStacks’ latest build (4.90.0.1046) removed this vulnerability. So, if you’re still running older versions of BlueStacks, I strongly recommend updating your app ASAP.
CVE-2016-4288: Random code execution with system privileges
Thought that CVE-2019-1936 was the only vulnerability found in BlueStacks? Think again. In 2017, CVE-2016-4288 was published. The entry documented BlueStacks’ App Player local privilege vulnerability due to the creation of a Windows registry key with suboptimal protection. More specifically, the emulator’s App player would create a registry key that required very little permissions. This vulnerability would, in turn, allow a threat actor to execute random code with system privileges. CVE-2016-4288 would have affected version 2.1.3.5650 of the product or earlier versions.
CVE-2018-0701: Gain unauthorized access on the same network segment
Discovered in November 2018, this vulnerability would have allowed a threat actor to bypass normal restriction in order to gain access to resources hosted on a machine or network. As the CVE entry shows, the vulnerability was associated with the BlueStacks App player and affected Windows versions 3.0. through 4.31.55, as well as the second version Mac version of the emulator. The issue, which was flagged as “resolved” in the latest version of BlueStacks, would have allowed an attacker operating on the same network segment as the victim’s endpoint to gain unauthorized access.
CVE-2019-14220: Read unauthorized file by setting file name as a parameter in system service call
Earmarked in 2019, CVE-2019-14220 refers to a vulnerability that could be used to gain read-type access to an authorized file. This vulnerability’s been tied to a “local arbitrary file read through a system service call” and when executed with System admin privileges could have granted the threat actor access to an authorized file if the said file name was used as a parameter. CVE-2019-14220 affected versions 4.110 and 4.120 of BlueStacks. The vulnerability seems to have found its fix in the latest version of BlueStacks.
BlueStacks for Enterprise – Cybersecurity concerns
Is Bluestacks Safe For Macbook
Software emulation solutions such as BlueStacks or even Oracle’s VirtualBox are open-source – free to use, deploy, expand, alter, etc. However, some of their more ‘advanced’ features are locked behind a pay-to-use wall. Haven’t heard about a corporate version of VirtualBox, but BlueStacks does have an enterprise plan and this exactly what we’re going to talk about in this section.
So, why should you choose BlueStacks Pro/Enterprise over the regular one? Well, getting rid of repetitive ads would be a nice change of pace. Also, the enterprise version of BlueStacks has other cool features in stock such as improved performance, a couple of tweaks that lower your bandwidth usage, the SDK, 24/7 support, disable pre-loaded content, and much more. So, should you go premium?
Is BlueStacks safe in its premium form? Yes, it is. As I’ve mentioned in the section concerning BlueStacks’ past issues, all of the (discovered) vulnerabilities have been successfully resolved, making BlueStacks for business as safe as Fort Knox’s gold vault. Wouldn’t go that far, but it’s pretty secure as it is. Now, putting aside BlueStacks’ known issues, the only thing left now to tackle would be the security problems that may arise when running emulators on your machine. And, as it happens, most of them are related to the type of application you run in said environment.
Google’s Play Store is the Eldorado of Android applications – music, video, photo-editing, ethical hacking, code-learning, code implementation, testing, debugging; there’s an application for everyone and every need. However, hidden inside this treasure trove of unspeakable usefulness are some apps that you wouldn’t want on your machine, regardless if it’s physical, virtual, or container.
Unfortunately, Google’s having a very hard time policing the Play Store for malicious apps masquerading as legit ones. So, what happens if you come across such an app while messing around in your BlueStacks-emulated Play Store? Worst case scenario – you break the virtual machine and start the VM configuration process from scratch. The nightmarish scenarios – nothing happens to the emulator, but the malicious code claws out of the sandbox and infects your host.
Now, based on the malware creator’s TTPs, this jailbreaking piece of code can do anything from zombifying (botnet) your machine to using it as a launchpad in an attempt to cash in as many goodies (assets) as possible. On the topic of assets, the first thing they teach you in any CND (certified network defender) class is that the word “asset” is spelled with dollar signs (a$$et) instead of a double-s – you lose your assets, you lose your business. That’s it, game over, and there’s nothing more to be done.
So, pay extra attention when deploying tools on your BlueStacks machine. Look for anything that could question the legitimacy of the app: grammatical errors, spelling issues, no info about the developer, fake and repetitive feedback, and, ultimately, the app’s requested permissions. Use common sense on that one: if an app you’ve just downloaded, say a portable Java system properties library asks permission to access your address book or to make phone calls, then it’s definitely malware.
Parting thoughts and extra security tips
Is Bluestacks Safe For My Mac
Is BlueStacks safe? I wouldn’t say 100% because that would imply that the emulator might have some sort of safeguards in place for the worst cyber-threat out there – the human factor. The app itself is as secure as any open-source virtualization software out there, but won’t do you any good if you execute malicious apps on it. As I’ve said, time and time again, common sense is the panacea of cybersecurity – no matter what you work on or what resource you’re trying to access, you should pay attention to the context. It’s as simple as that.
As to the extra protection bit, I wholeheartedly encourage you to deploy an antimalware solution on your machine, especially when you’re experimenting with things like BlueStacks.
Heimdal™ Security’s Next-Generation Antivirus & MDM is more than capable of dealing with anything that could try and claw its way out of your VM’s sandbox.
To end this article on a lighter note, if this is your first encounter with BlueStacks, do yourself a favor and play a couple of PUBG rounds or something before working on your projects. There’s no better way of testing this kind of software. As always, stay safe, and don’t forget to shoot me a comment if you have any questions about the app or topic.
- BlueStacks, the popular Android emulator for Mac and PC, is generally safe to use.
- Cybersecurity experts recommend only downloading Android apps that you know are safe.
- When you download BlueStacks, it'll see your IP address and device settings, along with your public Google account.
If you're like most people, you probably use both a smartphone and computer every day. And although the two devices might seem incredibly different, they can run a lot of the same apps.
That's where BlueStacks comes in. BlueStacks is one of the most popular Android emulators around, and lets you run nearly any Android app on your Mac or PC.
But like any program, before you download it, you should know whether it's safe to use. Here's everything you need to know.
Is BlueStacks safe to use?
In general, yes, BlueStacks is safe.
What we mean is that the app itself is totally safe to download. BlueStacks is a legitimate company that's supported by and partnered with industry power players like AMD, Intel, and Samsung. They've been around for years, and the BlueStacks emulator is considered a great way to run Android apps on your computer.
Just make sure that you download it from BlueStacks' official website. The newest version for Mac is called BlueStacks 4, while Windows users can run BlueStacks 5.
© BlueStacksBe careful about downloading apps
However, the Google Play Store - which is where you'll be downloading the Android apps from - carries some risks. Over the years, cybersecurity researchers have flagged hundreds of Play Store apps that carry malware, charge you money for worthless or non-existent products, or track your personal information.
'You'll need to be careful,' Attila Tomaschek, a digital privacy researcher from the cybersecurity firm ProPrivacy, told Insider. 'Even if you have downloaded BlueStacks from the official site, you can still download potentially malicious apps from the Google Play Store.'
© ShutterstockBlueStacks can protect you from some of these apps, since they're usually designed to work on Android devices, not Macs or PCs. A BlueStacks spokesperson assured Insider that every app is run inside of an 'App Container,' which makes sure the app can't interact with the rest of your system. And the emulated Android system is run inside of a 'secure OS virtualization container, further protecting the user.'
But other threats, like social engineering or phishing scams that trick you into giving up data, are still dangerous.
Tomaschek also stresses that even if BlueStacks is trustworthy, you should still adhere to 'to basic digital privacy best practices.' These include limiting the amount of personal information you share online, never clicking on shady links, and doing research before downloading any app to make sure that it's safe.
What data does BlueStacks see?
Every app you download gets some amount of access to your device's data. BlueStacks is no exception.
When you download BlueStacks, you share data in two ways.
Firstly, when you download BlueStacks, you'll have to log into your Google account. As such, BlueStacks will get access to your name, email address, and any other public information on your Google account. This might include your phone number, gender, address, and picture.
Secondly, BlueStacks will see some of your computer's data. According to Tomaschek, it'll see 'info regarding your OS, hardware, unique device identifiers, and network information.' Once you start using it, it'll also 'collect and analyze data related to your device, like your device's IP address, location preferences, system configuration data, app activity, transaction timestamps, Android app metadata, and more.'
In other words, BlueStacks will see what browser and computer you're using, your general location, and some information about your computer setup. It sounds like a lot, but it's the sort of data that most modern apps collect.
A BlueStacks spokesperson told us that they take this info 'to make the user experience better,' and it helps optimize the app to run well on a variety of different computers. They also said that this data 'is not stored in the cloud,' meaning in theory they're the only ones with access to it.
© DisobeyArt/Getty ImagesAnd it probably won't have any access to your actual files or documents. Dave Hatter, a cybersecurity consultant from InTrust IT, told Insider that both Macs and PCs have pretty strict security when it comes to letting apps read your documents. Unless you've deliberately disabled your computer's built-in security features, or haven't updated it in years, your files will be untouched.
BlueStacks has had one major security incident in the past
BlueStacks is a popular app that's maintained by a major company with plenty of industry clout. As such, they handle your data pretty carefully.
However in 2019, security researcher Nick Cano alerted BlueStacks to a major security flaw in the program that could potentially let hackers steal users' personal data and install malware on their computers. BlueStacks patched the vulnerabilities immediately, and it was probably fixed before any hacker had a chance to exploit it.
Since then, there haven't been any notable issues. A BlueStacks spokesperson told Insider that they 'actively [keep] track of updates to open source Android and [apply] the latest patches on a regular cycle, in addition to resolving issues reported directly.' They're also led by former members of McAfee, one of the computer world's leading cybersecurity firms.
But incidents like that highlight why it's so important to keep all your apps fully updated, Tomaschek said. Every update has the potential to fix bugs and patch security exploits before they become a problem.
Insider's takeaway
If you're looking to safely emulate Android apps, BlueStacks is a safe bet. It comes from a legitimate source and is updated regularly.
When asked for his overall thoughts on BlueStacks, Hatter said this: 'I don't have reason to believe that there's anything wrong with it. Nothing's given me any indication that BlueStacks is doing anything seedy or trying to mislead users.'
But he noted that you still need to remember your cybersecurity basics: Only download BlueStacks from the official website, remember to 'do your homework' before installing anything from the Play Store, and keep all your software updated.
© BlueStacks Emulators can turn your PC into a Mac, let you play games from any era, and more - here's what you should know about the potential benefits and risks of using one What is DLC? Understanding downloadable content, a feature of nearly every new game How to upgrade your PS4 games to play on a PS5 with better graphics and frame rates How to overclock your CPU and boost your computer's performance without spending money