Amazon Appstore “accidentally” hosts spyware – proving that even the most trusted platforms aren’t safe

A malicious app disguised as a health tool was recently found on Amazon Appstore. While the app appeared to be a simple BMI calculator, it secretly collected sensitive data, including users’ installed apps and text messages. The spyware also exploited permissions like screen recording to steal private data from under your nose. Although Amazon has removed the app, this incident serves as a reminder that even trusted app stores aren’t immune to malware. 

If you’re wondering who even uses Amazon Appstore, the answer is millions of people. It comes preinstalled on all Amazon Fire Tablets and TVs. Moreover, Microsoft’s native implementation of Android app emulation uses Amazon Appstore as the primary source for downloading apps.

Amazon Appstore’s privacy policy already outlines strict app permissions and data handling guidelines. However, incidents like this highlight the need for proper enforcement and proactive auditing. 

Alternatives

As an Android user, I usually download all my apps from the Google Play Store, with the exception of some open-source apps that are available only on GitHub and F-Droid. I am all for healthy competition in the app store space and completely against market monopoly, but Google does things right. 

Google’s Play Protect is a built-in security feature that comes with the Play Store to ensure the safety of your apps. It scans your apps during installation and regularly monitors them for suspicious activities afterwards. F-Droid, the open-source app store, also vets the apps extensively before allowing them to be in the store. It also requires the developers to lay out all their cards by announcing every permission the app uses and why. 

Amazon’s guidelines are nice to see on paper. However, these guidelines don’t mean anything if Amazon doesn’t enforce them.

Takeaway for users

The takeaway from this incident is very clear for end-users like you and me. We need to be more careful about the apps we install on our phones and where we source them. It’s a good idea to monitor the permission settings on your phone regularly. 

And while this one was Amazon’s fault, malware usually finds its way to your phone through sideloaded apps. So, maybe you should keep the “install apps from unknown sources” option turned off except when you’re trying to sideload an app from a trusted source. 

For Amazon Fire tablet and TV users, there are ways to get the Google Play Store working on your devices, even though both Amazon and Google make it difficult to do so. Just letting you know that the option is available, but do it at your own risk.
