Since we're all fairly concerned about mobile security on a personal and professional level, we recommend that the phone in your pocket and full of your personal data has a locked bootloader and "Unknown sources" left unchecked. If you find a trusted app that needs to be sideloaded, disable the setting again once you've installed it. It's the last barricade between your data and an app that hasn't been vetted for safety.
Because we take this stance, more than a few folks have written in with the same question:
Is it safe to use the Amazon App Store? It requires Unknown sources be enabled.
First, thanks to everyone who asked. We love it when folks try to get the answers they need and try to help as much as we can.
The Amazon App Sore is a dilemma. The problem is that it can update apps over-the-air like Google Play or the Apple AppStore but to do this in needs the Unknown sources setting to be enabled. That means if you did sideload a nasty app that wants to install other, possible nastier, apps you let them try it. That's what Unknown sources is — it allows sideloading of apps that didn't come from Google Play and have the right signature.
Amazon does a good (4 stars; would buy again) job vetting the apps they put in their store. Apps must be approved before they are published — the same method Apple uses — and so far, we haven't heard of any slipping through the cracks and being harmful in any way. While Google has no public opinion of Amazon and their ventures with Android, BlackBerry has embraced them and it's an approved way to run Android apps on BlackBerry 10 devices. Their store is safe, and the apps you download from them are safe.
The hard part is offering a suggestion that works for everyone in this case. There just isn't one. As much as I hate to do it, this one gets two answers.
If you're a casual Android user — you don't read blogs every day or fiddle with settings and tweaks on your phone — leave the unknown sources box unchecked and skip the Amazon App Store. You'll find most of the apps in Google Play, and there's a good chance they will be a more recent version. This isn't fair to Amazon because they do run a tight ship, but that's just how Android works. This setting is an all-or-nothing thing.
If you are an enthusiast-type, go for it. Either manually toggle the setting when your phone tells you there's some sort of update, or run wide open and use good judgment for every app your download and install. You know the risks, and you own the hardware, so do what you please with it. Just be careful. Do it for old Uncle Jerry.
All this is more of a precaution that a reaction to anything. Malware isn't unheard of on Android, but the numbers you hear from companies who make money selling you security apps aren't quite as sensational when you consider the scale — there are about 1,600,000,000 Androids out there. And that's only counting the ones that have Google services installed. 10,000 is 0.000625% of the install base, and even 1,000,000 is less than 1%. But there's always a chance some crafty guy or gal can find a way to get your stuff. Do everything you can to keep your stuff safe.