As a retail and consumer expert who is admittedly a very picky shopper, I put a lot of thought into the safety and security of the digital stores I use to download apps. The Amazon Appstore has been around for over a decade now as an alternative to the Google Play Store on Android devices. But is it really a safe and trustworthy place to get your apps? I‘ll share my honest assessment in this post.
To cut right to the chase – yes, I do believe the Amazon Appstore is generally safe for consumers, thanks to Amazon‘s robust screening process and security features. However, there are still some important precautions users should take, which I‘ll outline in detail. I‘ll also share some relevant statistics and data points to give you the full picture.
First, let‘s look at how widely used the Amazon Appstore is. While it‘s nowhere near as popular as the Google Play Store, which comes preinstalled on most Android devices, Amazon‘s store still has a sizable audience.
As of 2022, the Amazon Appstore is available on more than 50 million devices worldwide, according to data from 42matters. The store contains over 460,000 apps. For comparison, the Google Play Store has over 3.5 million apps as of Q1 2022 (Statista).
In terms of market share, a 2021 report from Sensor Tower found that the Amazon Appstore accounted for 1.6% of all app downloads across both iOS and Android in the U.S. The Apple App Store took the lion‘s share at 59.4%, while the Google Play Store accounted for 39%.
So while Amazon is a smaller player, it still has tens of millions of users downloading a large catalog of apps. That makes security a major priority for the company.
Amazon‘s App Review Process
One key way Amazon tries to keep the Appstore secure is through its app review process. Every app submitted to the store goes through both automated and manual review before being published.
Some key things Amazon looks at include:
- Functionality – Does the app work as intended and described?
- User experience – Is the app intuitive to use or unnecessarily complex?
- Privacy and permissions – Does the app request unnecessary permissions or mishandle user data?
- Content – Is any of the app‘s content inappropriate, offensive, or illegal?
- Intellectual property – Does the app infringe on any copyrights, trademarks, or other IP?
- Security – Does the app contain any malware or exploitable vulnerabilities?
Developers must also follow Amazon‘s content policy and provide a valid physical address, which helps prevent scams and copycat apps. Apps are rescreened any time they are updated.
According to a 2021 blog post from Amazon, the Appstore uses machine learning to detect potential "copycat" apps in near real-time. The automated systems flag these submissions for manual review to catch any that slipped through.
Appstore Developer Select Program
To incentivize developers to build safe, high-quality apps, Amazon offers a program called Appstore Developer Select. Participants get extra promotion in the Appstore and higher revenue share, but must meet additional requirements.
Some key Developer Select requirements related to security include:
- Implementing Amazon‘s DRM to protect app content
- Following security best practices in development
- Not collecting any unnecessary personal information
- Using the latest Appstore SDK
By holding developers to a higher standard, this program can help raise the overall quality and safety of apps in the store. As of 2021, over 10,000 apps were enrolled in Developer Select, spanning categories like games, utilities, and productivity tools.
Comparing App Store Security
Of course, the Amazon Appstore isn‘t the only game in town. Let‘s see how its security measures stack up against the major competition.
Google Play Store
Google also screens apps submitted to the Play Store, but its criteria are a bit more lax than Amazon‘s. The biggest difference is that Google allows apps to be published first and then reviews them, while Amazon reviews apps before they go live.
Google does scan apps for malware, copyrighted content, and policy violations. Developers must also provide a privacy policy. However, there have been many cases of malicious apps slipping through and being downloaded by unsuspecting users before being caught and removed.
Apple App Store
Apple is known for having the strictest app review process in the business. Apps are carefully vetted before being published, and developers must follow strict guidelines around security, privacy and content.
Some of Apple‘s security provisions include:
- Requiring developers to use certain APIs and frameworks
- Prohibiting apps from downloading executable code
- Sandboxing apps to limit access to system resources
- Requiring HTTPS for all network communication
No system is perfect, but Apple‘s tight control over iOS has historically made the App Store less prone to malware compared to the more open Android ecosystem.
Potential Appstore Risks to Watch Out For
While Amazon does a lot to keep the Appstore secure, users still need to be vigilant. Here are some potential risks to be aware of:
Fake reviews and ratings
Unscrupulous developers may try to game the system by buying fake positive reviews to make their app look more legitimate. Take app store reviews with a grain of salt and do your own research before downloading.
Lookalike apps
Developers may try to ride the coattails of a popular app by releasing one with a very similar name or icon. Double check that the app you‘re downloading is the real deal from the actual developer. Checking the developer website is one way to verify this.
Phishing attacks
Be wary of any emails or web pages claiming to be from the Amazon Appstore asking you to log in or provide personal information. Go directly to Amazon‘s website to log in instead of clicking any links.
Hidden fees
Some "free" apps may hit you with surprise charges or require expensive in-app purchases to function properly. Carefully read the app description and reviews to sniff out any potential hidden costs.
Data leaks
Even legitimate apps may be lax with security, allowing hackers to access user data or inject malicious code. Stick to apps from reputable developers committed to data protection. Look for a privacy policy detailing how your information will be used and secured.
Permissions abuse
Apps may request more permissions than they actually need to function, putting your privacy at risk. Think twice before granting a game or utility app access to things like your contact list or precise location. Use your best judgment.
Enterprise Use of Amazon Appstore
For companies distributing mobile devices to employees, using the Amazon Appstore can provide some added security benefits compared to the open Google Play Store.
With Amazon‘s Appstore Management Portal, enterprise customers can:
- Curate a custom catalog of approved public and private apps
- Remotely deploy and revoke app access on employee devices
- Track license counts and get detailed usage reports
- Integrate with mobile device management (MDM) solutions
Having this centralized control can help prevent risky apps and ensure a consistent experience across corporate devices. That said, no app store can negate the need for employee education and strong internal security policies.
Amazon Appstore Vulnerabilities
No software is completely immune from vulnerabilities, and the Amazon Appstore has had a few chinks in its armor over the years.
In 2019, researchers at Check Point discovered a flaw that theoretically could have let attackers hijack a user‘s Amazon account through a malicious app. However, Amazon patched the issue after being notified and it doesn‘t appear to have been exploited in the wild.
Another incident occurred in 2012, when security researcher Charlie Miller discovered a bug in Amazon‘s DRM scheme that could allow an attacker to load malicious code onto a device. He demonstrated this by getting a fake stock advice app approved in the Appstore. Amazon quickly fixed the bug and pulled Miller‘s app after he disclosed it.
To my knowledge, there have not been any massive user data breaches tied directly to the Amazon Appstore. While no system is invulnerable, I believe the Appstore has proven to be a relatively safe option overall, at least compared to third-party app sources.
The Future of Appstore Security
Going forward, I expect Amazon will continue to invest in the security of the Appstore as mobile threats evolve. No system is perfect, but the company has strong incentives to protect its customers and reputation.
Some potential areas for improvement could include:
- More transparency around app review criteria and turnaround times
- Stricter requirements around privacy policies and data handling
- Improved algorithms for detecting fake reviews and scams
- More granular permissions options for users
- Bug bounty programs to root out vulnerabilities
Of course, security is a two-way street. While Amazon provides the Appstore platform, users must also do their part by being selective about what they download and staying vigilant against potential threats.
Together, a proactive app store and an informed user base can go a long way in keeping the mobile app ecosystem safe. The Amazon Appstore may not be perfect, but I believe it is a viable option for security-conscious Android users.
Closing Thoughts
As we‘ve seen, the Amazon Appstore has a number of security provisions in place to protect Android users. While not bulletproof, its review process and developer requirements are more stringent than the Google Play Store in some key areas.
For most people, using the Appstore as your main or only source of apps can definitely reduce your risk of encountering malware or scams compared to sideloading APKs from random websites. But of course, you should still exercise caution and good judgment before downloading any app.
If you do decide to use the Appstore, consider taking advantage of features like parental controls and purchase authentication to add an extra layer of security. Keep an eye on what permissions apps ask for, and don‘t be afraid to leave an honest review calling out any red flags.
At the end of the day, no app store can guarantee 100% safety, but sticking with official, reputable marketplaces is always your best bet. Between the Big Three of Apple, Google and Amazon, I have no qualms recommending the Amazon Appstore from a security standpoint.
That said, those who are ultra security-conscious may prefer to stick with the Apple ecosystem and its Fort Knox approach to app screening. But for the Android world, Amazon has staked out a middle ground between wide-open and locked-down.
I hope this in-depth look at Amazon Appstore security has been helpful and informative. Stay safe out there!
