Free apps and games. It’s always the promise of free stuff that lures people into a false sense of security. And it’s that very carrot that prompts otherwise sensible people to install third-party app stores on Android. We’ve even recommended such libraries before.
Sometimes they’re better than Google Play in terms of presentation, but often they provide apps that have been dropped from the “official” store. Often they make available software that the “developers” perhaps don’t have the legal right to repackage. And then there are apps and games laden with malware.
But you don’t even need to install one of these third-party apps to weaken your smartphone. All you need to do is install the app store itself. This act alone can open your device to vulnerabilities. So what has this got to do with Amazon?
Amazon’s Apps on Android
Several Amazon-published apps are available for Android. These include, but are not limited to, the Amazon Kindle and the Amazon Shopping apps. You might also find Amazon Music, Amazon Seller, Amazon Prime Now, Amazon Alexa, and audiobooks from Audible.
You’ve probably used most (or all) of these apps at some point. None of them pose a risk to your device (that we’re aware of at the time of writing) and they’re all available via Google Play, subject to the same screening that’s required for all other apps and games.
But there is one app that you won’t find on Google Play.
What Is Amazon Underground?
Amazon tablets (and Fire TV hardware) get the Amazon Appstore by default. They’re often build around instant access to Amazon’s vast library of media, apps, games, and shopping.
Standard Android devices don’t have this access. It’s presented instead via some of the apps listed above. This way you get music from your Amazon library, streamed video from Amazon Instant Video, etc.
For apps and games, however, you need the Amazon Underground app. You won’t find this in Google Play as it’s a third-party app store. This means that you must reduce the security of your device to install it — and most users will forget to reverse this change after installing it.
The Unknown Underground
Amazon Underground, like any other app from a third party, requires you to enable installation of apps from Unknown Sources on your Android smartphone or tablet. This setting — found under Settings > Security — can have serious security repercussions.
While it’s risky to use it for a single app, it can be easy to overlook that the security setting has been disabled when faced with an exciting new app store.
But the trust that people have in Amazon overpowers that risk. After all, Amazon would hardly release an app that damages your phone, right?
Free Premium Games
Amazon Underground is an attractive proposition for Android users as it has a key selling point: free games. While games are free all over the place, these particular games are ones that cost a fee to acquire on Google Play.
This essentially gives mobile gamers the chance to save money. Who wouldn’t want to do that?
In other words, this is an app by a trusted name in e-commerce that requires you to reduce the security of your smart phone or tablet to save money on premium apps.
Uncomfortable, isn’t it?
Why You Shouldn’t Enable Unknown Sources
With Unknown Sources enabled, your Android device is at risk . If you’re going beyond Google Play, you should be able to verify the origin of the app you’re installing. There are two questions you should ask yourself if you’re planning to install apps from outside of the Google Play Store:
- Is the APK file genuine?
- Does it come from a reputable developer or publisher?
In most cases, if you cannot answer “Yes” to both questions, then you should not install the app.
Unfortunately, it isn’t as clean-cut as that. If you’re trying to use Android without relying on Google — a great way to enhance your privacy — then third-party app stores are a necessity.
Amazon’s Begging Bowl
Amazon started at a massive disadvantage in the app store market. Apple and Google (and latterly, Microsoft) have a walled garden, which they control quite well. The advantage for consumers is that malicious software cannot spread to phones. Controls put in place in the submission and review process for new apps and games prevents this.
However, whereas Apple and Microsoft block the installation of apps from third parties (although there are ways for developers to install their own apps), things are not so tight on Android. Hence the Unknown Sources setting.
It makes sense that a company as adept at profit making as Amazon should try and attract Android users. After all, its own mobile operating system, Fire OS, is based on Android. Apps for one work on the other.
But even using Amazon Underground to install apps requires you to have Unknown Sources enabled. That’s not a great option. As Andrew Blaich, a security researcher at Lookout, observes:
“By allowing unknown sources, a user is removing the first line of defense in stopping themselves from installing a malicious app that can be delivered from a number of sources, including malicious website links, phishing attempts and others…”
Yes, enabling Unknown Sources isn’t just about third-party app stores and apps. Websites and adverts can prompt your phone to install malicious software. The same goes for links in email messages and instant messengers.
All of this puts Android security at a similar level to Windows security. Android malware can be accidentally installed from anywhere.
That’s why disabling Unknown Sources is inherently unsafe.
Is It a Risk You Want to Take?
We know that enabling Unknown Sources is Android opens your phone to malware on third party app stores. And we know that a nice selection of premium games are available free in the Amazon App Store.
While there are rumors that Android O will enable the installation of third party app stores, thereby bypassing the problem of leaving Unknown Sources enabled for a prolonged period, as things stand, it remains a risk.
Is it a risk you take? Are you happy to leave your phone vulnerable to malware just to make a few savings? Tell us in the comments.
Image Credits: Who is Danny/Shutterstock