Android Security

Why the Amazon App Store Is an Android Security Threat

Christian Cawley 06-06-2017

Free apps and games. It’s always the promise of free stuff that lures people into a false sense of security. And it’s that very carrot that prompts otherwise sensible people to install third-party app stores on Android. We’ve even recommended such libraries before.


Sometimes they’re better than Google Play in terms of presentation, but often they provide apps that have been dropped from the “official” store. Often they make available software that the “developers” perhaps don’t have the legal right to repackage. And then there are apps and games laden with malware.

But you don’t even need to install one of these third-party apps to weaken your smartphone. All you need to do is install the app store itself. This act alone can open your device to vulnerabilities. So what has this got to do with Amazon?

Amazon’s Apps on Android

Several Amazon-published apps are available for Android. These include, but are not limited to, the Amazon Kindle and the Amazon Shopping apps. You might also find Amazon Music, Amazon Seller, Amazon Prime Now, Amazon Alexa, and audiobooks from Audible.

smartphone android amazon apps

You’ve probably used most (or all) of these apps at some point. None of them pose a risk to your device (that we’re aware of at the time of writing) and they’re all available via Google Play, subject to the same screening that’s required for all other apps and games.


But there is one app that you won’t find on Google Play.

What Is Amazon Underground?

Amazon tablets (and Fire TV hardware) get the Amazon Appstore by default. They’re often build around instant access to Amazon’s vast library of media, apps, games, and shopping.

Standard Android devices don’t have this access. It’s presented instead via some of the apps listed above. This way you get music from your Amazon library, streamed video from Amazon Instant Video, etc.

For apps and games, however, you need the Amazon Underground app. You won’t find this in Google Play as it’s a third-party app store. This means that you must reduce the security of your device to install it — and most users will forget to reverse this change after installing it.


The Unknown Underground

Amazon Underground, like any other app from a third party, requires you to enable installation of apps from Unknown Sources on your Android smartphone or tablet. This setting — found under Settings > Security — can have serious security repercussions.

android amazon unknown sources

While it’s risky to use it for a single app, it can be easy to overlook that the security setting has been disabled when faced with an exciting new app store.

But the trust that people have in Amazon overpowers that risk. After all, Amazon would hardly release an app that damages your phone, right?


Free Premium Games

Amazon Underground is an attractive proposition for Android users as it has a key selling point: free games. While games are free all over the place, these particular games are ones that cost a fee to acquire on Google Play.

This essentially gives mobile gamers the chance to save money. Who wouldn’t want to do that?

In other words, this is an app by a trusted name in e-commerce that requires you to reduce the security of your smart phone or tablet to save money on premium apps.

Uncomfortable, isn’t it?


Why You Shouldn’t Enable Unknown Sources

With Unknown Sources enabled, your Android device is at risk Is It Safe to Install Android Apps from Unknown Sources? The Google Play Store isn't your only source of apps, but is it safe to search elsewhere? Read More . If you’re going beyond Google Play, you should be able to verify the origin of the app you’re installing. There are two questions you should ask yourself if you’re planning to install apps from outside of the Google Play Store:

  1. Is the APK file genuine?
  2. Does it come from a reputable developer or publisher?

In most cases, if you cannot answer “Yes” to both questions, then you should not install the app.

Unfortunately, it isn’t as clean-cut as that. If you’re trying to use Android without relying on Google How to Use Android Without Google: Everything You Need to Know Want to use Android without Google? No Google, no problem. Here's a guide to going Google-free on your Android device to regain privacy. Read More — a great way to enhance your privacy — then third-party app stores are a necessity.

Amazon’s Begging Bowl

Amazon started at a massive disadvantage in the app store market. Apple and Google (and latterly, Microsoft) have a walled garden, which they control quite well. The advantage for consumers is that malicious software cannot spread to phones. Controls put in place in the submission and review process for new apps and games prevents this.

However, whereas Apple and Microsoft block the installation of apps from third parties (although there are ways for developers to install their own apps), things are not so tight on Android. Hence the Unknown Sources setting.

android amazon permissions

It makes sense that a company as adept at profit making as Amazon should try and attract Android users. After all, its own mobile operating system, Fire OS, is based on Android. Apps for one work on the other.

But even using Amazon Underground to install apps requires you to have Unknown Sources enabled. That’s not a great option. As Andrew Blaich, a security researcher at Lookout, observes:

“By allowing unknown sources, a user is removing the first line of defense in stopping themselves from installing a malicious app that can be delivered from a number of sources, including malicious website links, phishing attempts and others…”

Yes, enabling Unknown Sources isn’t just about third-party app stores and apps. Websites and adverts can prompt your phone to install malicious software. The same goes for links in email messages and instant messengers.

All of this puts Android security at a similar level to Windows security. Android malware Malware on Android: The 5 Types You Really Need to Know About Malware can affect mobile as well as desktop devices. But don't be afraid: a bit of knowledge and the right precautions can protect you from threats like ransomware and sextortion scams. Read More can be accidentally installed from anywhere.

That’s why disabling Unknown Sources is inherently unsafe.

Is It a Risk You Want to Take?

We know that enabling Unknown Sources is Android opens your phone to malware on third party app stores. And we know that a nice selection of premium games are available free in the Amazon App Store.

While there are rumors that Android O How to Access the Android O Beta Right Now Android O is coming soon, but you can get the beta version now and give it a try. Here's how to sign up to try the next version of Android right now on your eligible... Read More will enable the installation of third party app stores, thereby bypassing the problem of leaving Unknown Sources enabled for a prolonged period, as things stand, it remains a risk.

Is it a risk you take? Are you happy to leave your phone vulnerable to malware just to make a few savings? Tell us in the comments.

Image Credits: Who is Danny/Shutterstock

Related topics: Amazon, Android Tips, Smartphone Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. likefunbutnot
    June 8, 2017 at 3:12 pm

    As a counter to this, the Amazon App Store is a mainstream alternative app store from Android that is, importantly, available to all Android users. Google Play is explicitly not that. For someone who owns an Android Device that isn't licensed to use the Play Foundation Framework, the Google App store simply isn't an option. Even for owners of more typical Android devices, it's nice to have the choice to install from a source other than Google; sometimes apps are cheaper in one store than the other or can be installed from Amazon while being carrier/handset-manufacturer blocked on the Play Store. Amazon also has a really nice Parental Control Sandbox and some easily-controlled additional payment options that work well for kids, which should at least make it a more credible options for some things than Google.
    Yes, there's a trade-off, but Android is meant to be an open system and users are meant to have more than one provider for applications. Sure, it's still a bit of a walled garden, but if users didn't at least have two mainstream choices to provide apps, I wouldn't even consider using it in the first place.