There is no problem with using App Inventor to write your own apps and share them with others. The problem is that App Inventor makes it easy to write any app – and malware authors have begun to use App Inventor to create apps that are malware and might do bad things.
“App Inventor doesn’t give malicious apps any special powers nor access to exotic exploits to attack your phone. But it does make the production of Trojanized apps enormously easy. With only a basic understanding of Android programming, an attacker can churn out tons of malicious apps. More apps means more confusion, and more opportunities for attack.”
Source: Mobile Threat Monday: Android Attackers Use App Inventor for Evil | PCMag
App Inventor is a “low code”, visual software development tool. Such “drag and drop” programming tools enable non-programmers (and programmers) to create many types of applications without the details of traditional programming code.
This leads to an important issue – will less trained/less experienced programmers inadvertently introduce security problems in their applications?
Gartner predicts that by the end of 2025, over 65% of development projects will use low-code builders. The field of low-code continues to expand. But what security implications does low-code introduce? Low-code refers to tools that enable application construction using visual programming models. Adopting drag-and-drop components instead of traditional code, no-code and low-code platforms enables non-technical folks to construct their own workflows without as much help from IT. Yet, handing power to citizen developers with less security training can be risky. Plus, low-code platforms may hold compromised propriety libraries or leverage APIs that may unknowingly expose sensitive data to the outside world. There’s also the possibility that low-code could increase shadow IT if not governed well.
How to Mitigate Low-Code Security Risks