OFFICIAL SECURITY BLOG

Kindle Apps: Look Before You Leap

February 20, 2014 | BY

With school holidays in the UK slowly winding down (most likely with a cry of “Are they going back in yet” growing across the land), it’s quite possible mum or dad will be passing tablets or other mobile devices to their kids – especially with all that bad weather currently doing the rounds.

I’ve noticed over the last couple of weeks while looking for apps on my Kindle Fire that there seems to be a growing bit of a problem with apps on the Amazon Appstore causing problems for device owners.

App creators are basing games around popular pieces of entertainment – games, movies, kid’s tv – and placing them onto the market, where angry reviews and a lack of disclosure as to what the app is all about is the order of the day. Most of the apps I’ve seen generating the complaints tend to have a child-centric angle to them, and any parent thinking of shelling out a few pounds on some apps to keep their kids occupied may end up wishing they’d just gone on that day trip instead.

In some cases, the app developers attempt to rid on the coat-tails of legitimate brands, naming their “company” after well known entities, or even including the word “Amazon” in their name.

Lots of these apps are being pulled offline, but yet more are ready to take their place. Often, these apps aren’t hard to find – simply navigating to the App Store on a Kindle, then clicking on “New Releases” will show these problematic apps to the Kindle user alongside entirely legitimate applications.

Shall we take a look?

1) Mario Galaxy Jump, by “Incredible Amazon Games” (£1.83)

This one has various pictures of Mario doing….Mario style things…and there’s no indication of what this title is actually going to do, or how you play it.

“Extremely disappointed as pictures make you think this is the real Mario galaxy. Nothing could be further from the truth. Poor graphics, poor music, poor attempt all round – AVOID!”

Permissions:

* Read only access to phone state
* Open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications
* Get information about currently or recently running tasks; a thumbnail representation of the tasks, what activities are running in it etc
* Open network sockets
* Access information about WiFi networks
* Access information about networks

2) Spyro Skylanders by Guamanian Productions (£0.69)

“Are your kids a Spyro Skylanders fan? Keep them entertained for hours with this game based off the hit video game series!”

There’s no explanation as to what this game could be – there’s merely a bunch of impressive looking mock ups / screenshots in the image gallery and everything looks a little bit old school. In fact:

Skylanders reviews

“I bought this game thinking it was like the actual ps2 game – i was led to believe this by the pictures but no it was a memory game with cards, i know it was only 69p but still not worth that”

Permissions:

* Read-only access to phone state
* Open network sockets
* Access information about Wi-Fi networks
* Access information about networks

3) Plants Vs Zombies, by – this is fantastic – “Angry Memory Birds Kids” (clearly going for the kitchen sink approach there). This one does say it is a “memory game”, though the sole image of what looks like tiles being matched comes at the end of a number of nice looking wallpaper style shots which would suggest in-game activity. Either way, this one is currently unavailable.

Interestingly, it has the same permissions as “Mario Galaxy Jump”.

4) Star Wars: Free Game by ZGC Game

This one is free at least (and unlike everything else covered here, still available to download) claiming to be “The most exciting live performances Star Wars!” It definitely sounds impressive:

Star Wars info

According to user reviews, the reality of it is that this app is a “jigsaw game”. I particularly liked how the very last image on the preview screens for this “Star Wars” game is the U.S.S. Enterprise.

5) Moshi Monsters by DonkeYMobile (£ 0.69)

Moshi game information

This one is open about being a “memory game”, but is somewhat hesitant to explain how it actually works. From the reviews:

“My daughter gave me 60p of her pocket money to buy this game. What a disappointment. The opening screen shows lots of moshi pictures all of which are locked. There is no help available. We have no idea what to do. The screen looks very amateurish.”

Another one:

Second review

Unsurprisingly, this one is now unavailable. The listed permissions are as follows:

* Read-only access to phone state
* Set the wallpaper
* Open network sockets
* Access fine (e.g. GPS) location
* Access extra location provider commands
* Access information about Wi-Fi networks
* Access coarse (e.g. Mobile-ID, Wi-Fi) location
* Access information about networks
* Access the torch

6) Kids Frozen Game, by Flavasoft (£0.60)

This one was pulled before I could take a closer look at it, and all that remains in Google Cache is the reviews page – seemingly it was selling reasonably well, getting a mention in the top games for kids over the last 90 days. However, all we have left to go on is this less than glowing review for this title riding on the coat-tails of the recent Disney movie:

“My main gripe is being forced to open the ad when you start the app. And that it’s then an ad for iPhone apps… from an android device. AND that you then can’t get back to the app without returning to the home screen – very counter-intuitive. Is this bad programming or rather cynical considering it’s an app for kids?”

7) Super World, by Wario Apps (£8.99)

It seems to be a Super Mario World game, except the developer commentary is somewhat at odds with the review scores.

The commentary:

Eye-Popping Cartoon Graphics Android Platform Games have never looked more amazing!
Epic Platform Action Simple tap control designed to work perfectly with your touch screen!
Explore beautiful and magical landscapes, with more coming soon!
1 UP Lollipops hiden in every level, Are you awesome enough to find all of the missing 1UP Lollipops?
Retro platformer/side-scroller gameplay

The reviews:

Success all round, or not

Whoops.

As you may have guessed, this one has now been pulled too. App permissions:

* Read-only access to phone state
* Open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications
* Get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc
* Open network sockets
* Access information about Wi-Fi networks
* Access information about networks

There are plenty more apps similar to the above floating around on the store (indeed, some of the ones listed above are still available to download). The biggest problem here isn’t the app permissions which are generally fairly standard (and in many cases, often ask for less access to both personal information and the device itself than many of the more mainstream apps out there). The problem is a lack of information as to what the apps actually do, whether they’re games in the sense of “not a terrible sliding puzzle thing” or not and whether the Kindle owner will even get something functional after handing over their money.

There’s certainly some brand confusion going on here – perhaps Amazon should consider a “Verified by…” system for the biggest / most well known publishers. Certainly in the realms of games for kids, the usual targets for…”flattery”…pop up over and over again: Mario, Angry Birds, Skylanders, anything related to recent cinema outings for cartoons and so on. It certainly wouldn’t solve everything – Twitter have their fair share of problems with their verified system – but it definitely seems like such a system could be put to good use on the Amazon marketplace.

For the time being, remember that going on an app spree may seem cheap – many of the above titles weigh in at £1 or less – but it doesn’t take long before you’ve gone through a cool £5 and are wondering where all the great games you’ve been promised have escaped to.

Tips for Avoiding Kindle App Shenanigans

1) Read the reviews. While these apps are in circulation, the only real chance you have of avoiding a stinker is to see what horrors have befallen those brave souls who have gone before you.

2) Check the developer name. If it’s a horrible mashup of words associated with various titles, there’s a good chance some alarm bells may be ringing.

3) Take a good look at the “screenshots”. The majority of the 100% fake apps – the ones which claim to be amazing, mindblowing games and disclose nowhere that they’re just some terrible tile sliding effort – use lots of pre-renders / promotional art from real games.  Google Image Search will probably come in handy here.

We’re going to take a look at some of the apps currently still live on the Marketplace and post a follow up soon. For now, here’s to a hassle free Kindle experience (and a world filled with a few less shouty reviews).

Christopher Boyd