Ask AC: Is it safe to use the Amazon App Store?

Since we're all fairly concerned about mobile security on a personal and professional level, we recommend that the phone in your pocket and full of your personal data has a locked bootloader and "Unknown sources" left unchecked. If you find a trusted app that needs to be sideloaded, disable the setting again once you've installed it. It's the last barricade between your data and an app that hasn't been vetted for safety.

Because we take this stance, more than a few folks have written in with the same question:

Is it safe to use the Amazon App Store? It requires Unknown sources be enabled.

First, thanks to everyone who asked. We love it when folks try to get the answers they need and try to help as much as we can.

The Amazon App Sore is a dilemma. The problem is that it can update apps over-the-air like Google Play or the Apple AppStore but to do this in needs the Unknown sources setting to be enabled. That means if you did sideload a nasty app that wants to install other, possible nastier, apps you let them try it. That's what Unknown sources is — it allows sideloading of apps that didn't come from Google Play and have the right signature.

Amazon does a good (4 stars; would buy again) job vetting the apps they put in their store. Apps must be approved before they are published — the same method Apple uses — and so far, we haven't heard of any slipping through the cracks and being harmful in any way. While Google has no public opinion of Amazon and their ventures with Android, BlackBerry has embraced them and it's an approved way to run Android apps on BlackBerry 10 devices. Their store is safe, and the apps you download from them are safe.

The hard part is offering a suggestion that works for everyone in this case. There just isn't one. As much as I hate to do it, this one gets two answers.

  • If you're a casual Android user — you don't read blogs every day or fiddle with settings and tweaks on your phone — leave the unknown sources box unchecked and skip the Amazon App Store. You'll find most of the apps in Google Play, and there's a good chance they will be a more recent version. This isn't fair to Amazon because they do run a tight ship, but that's just how Android works. This setting is an all-or-nothing thing.
  • If you are an enthusiast-type, go for it. Either manually toggle the setting when your phone tells you there's some sort of update, or run wide open and use good judgment for every app your download and install. You know the risks, and you own the hardware, so do what you please with it. Just be careful. Do it for old Uncle Jerry.

All this is more of a precaution that a reaction to anything. Malware isn't unheard of on Android, but the numbers you hear from companies who make money selling you security apps aren't quite as sensational when you consider the scale — there are about 1,600,000,000 Androids out there. And that's only counting the ones that have Google services installed. 10,000 is 0.000625% of the install base, and even 1,000,000 is less than 1%. But there's always a chance some crafty guy or gal can find a way to get your stuff. Do everything you can to keep your stuff safe.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • Great article, especially considering all of the "malware" headlines right now. Thanks Jerry. Posted via the Android Central App
  • Great read! I can always count on uncle Jerry to keep it 100! Posted via the Android Central App
  • I have Amazon App store on my S6. I rarely install an app from it. In the beginning, I would get the "free" version of a game or app, and realized it was often a version or 2 behind the Google Play version of the App. No malware on my phone (yet), but what actually concerns me are the number of apps that have so many permissions (that you can't change) that shows up as a "concern" on my VZW Galaxy S6. Some came standard on the phone (and I can hide but not delete), and the rest came from Samsung or the Google Play Store.
  • I rarely use it anymore, and find it most annoying that when I use an app from amazon I have, like 8 of them, it turns on all amazon apps like the appstore, underground, videos, music, etc etc and eats up my processor and ram and battery I just wanted to use one app, and now I have to go force close 8 apps after use.
  • Apps do seem to be older on Amazon than Google and in two cases I've found that the developer gave me a code to get the same app on Google. Does the posting of new versions have problems on Amazon? Amazon could fix this. Developers seem to hate the Amazon app store; I would certainly not like my app going free with no notice and having to suddenly support a bunch of people with no money coming in. Amazon could fix this. On the user side amazon updating apps takes a very long time requiring user intervention. Annoying but I see why it has to be that way. I'm a long time prime member but I avoid the Amazon app store. Just use it to get prime video now.
  • Was always the preferred method on Blackberry because google required other things like play services and so on to work properly where as Amazon did not. I used it all the time on my Z10 and Z30 but just recently tried it on my G4 and found it laggy and using a lot of system resources. I'm sure Amazon works very nicely on Blackberry's Priv.
  • It was a pre installed app on my Galaxy S4, seemed to install apps without unknown sources security box checked. I think that it's the case on any device the Amazon app store comes pre installed on. Posted via the Android Central App
  • I believe you're right. It was preinstalled on my S7 edge, and it works despite the unknown sources toggle being turned off.
  • Yes it is. Google still scans the app for the bad stuff.
  • Though, apps can still request questionable permissions regardless of where they come from, even apps on the Play Store.
  • Interesting I didn't know that Amazon needs uninstalled sources on for updates I guess it makes sense. I check unknown sources back when I don't need it. It's a shame that the all or nothing is recommended for casual unaware users but it does make the most sense. I've started using Amazon underground and apps like goat simulator (already paid for it on Google play) messes up on my phone but Amazon version works perfectly. For the most part Google play does have more/better apps then Google play except for droid TV. I'm curious if fire tablet users are safe and if by default unknown sources is checked on fire OS. Don't really know how secure Amazon fire devices are either. Posted via the Android Central App
  • I stopped using it the minute I saw out of date apps 2 and 3 versions behind. Haven't gone back since. Posted via the Android Central App
  • This exactly. The app are always slow to be updated or sometimes completely abandoned by the devs. I tell my family to never buy an app from the amazon app store.
  • Never buy, sure (as long as you don't have a Kindle Fire). But I've gotten many apps free on the Amazon Store that would cost money in the Play Store. In the past, I've installed the Amazon App Store on my devices, but I just haven't bothered this time around on my N5X, mostly because the Amazon interface drives me crazy. It's also not as big of a deal anymore now that I use Google Rewards to rack up Play Store Credit.
  • Malware on your Android is what you get when you go to a skeezy third world website to try to beat Google out of 99¢ for an app. There's always a cost.
  • Anyone can participate in the Google Opinion surveys. I haven't bought an app or paid to rent a movie with my own money in 2 years since I joined. Posted via Techmology
  • Cheers, I've registered with the app and got some credit already :) Posted via the Android Central App
  • Yeah. I've gotten about a hundred bucks doing that. Way better than using skeezy sideload crap.
  • I haven't used Amazon apps since they got rid of the free app of the day.
  • I Lol'ed at the "4 stars" reference. Nice. I just allow for an individual app install, AFTER checking out permissions, then lock it back down.
  • Great article, thank you! I've been wondering about this for awhile Posted via the Android Central App
  • I really wish Google would change their "All or nothing" stance to one that allows the user to approve *specific* other sources.
  • Any insights on the Amazon Underground tracking? Is it as intrusive as it sounds? I have not updated the Amazon Appstore because I don't need the all in one Amazon app, but I've been thinking about trying it for some of the free apps. Posted via the Android Central App
  • Doesn't Lollipop and up have an option to only turn it off for that install that one time? I've seen it before on a couple of my phones. Is that a manufacturer thing or an Android thing?
  • Wow Jerry, I was going to write you guys asking about this. Thanks for always reading our minds! Now let's work on those Poweball numbers! Posted via the Android Central App
  • I'm surprised AC didn't mention that on Samsung phones, you don't need "unknown sources" to be "on" for everything to use the Amazon App Store. You allow the Amazon app store its unknown sources permission and that's it. It's off for everything else. The only risk I see here is that you have to trust that Amazon has checked every app in its store for malware -- I'm not sure I trust them as much as Google, given the number of counterfeit products that are sold on Amazon's site every day, but I'd trust them more than most 3rd party app stores or sites that distribute various APKs.
  • I use the amazon app store, get most apps from Google play, a few from amazon. Posted via the Android Central App
  • Many apps installed from Amazon appear to update through Google playstore anyway,there are only a few apps that I have found unique to Amazon.
    I got a few cheap on Amazon app store when they had deals on,a few years ago,I just get a small message on Google playstore about it being installed from another market place and Google updates them anyway..
    It appears I got the best of both worlds,cheap apps,but with secure updates through Google...
  • Amazon is great for their free app giveaway. I've got some great usually paid apps for free. But I've found it will have outdated apps before. Plus some apps will just get updated on their own by the Play Store. And then others won't and it will say this was installed by another app or something like that. Posted via the Android Central App
  • I enjoyed "The Amazon App Sore is a dilemma" but I suspect you did actually mean Store... :)