Sideloading Apps is a Dangerous Game

Sideloading Apps is a Dangerous Game

This post covers my adventures in trying to get a game I really like and have already paid for on the Desktop, to run on my unsupported tablet. In the process, I spend many hours banging my head against the keyboard and end up running into an army of malware, aimed at the mobile gamer, hosted on file sharing sites and intended to be installed on the device manually by the user.

My best advice to avoid this problem is to only use trusted and authorized app stores, no matter what device you are on and that straying from that can be a perilous quest.

Amazon App Store

Not all app stores are made equal.

Many of them come with apps specific to the platform they run on or even the service they support.  The biggest mind boggling thing of it all is that while different devices might have different app stores, many of them run the same operating system.  The Amazon Kindle Fire is one of these devices.

Amazon App Store

Amazon App Store

Inherently, the Kindle sports the Amazon App Marketplace, which has a lot of different apps, many of which you could find on the Google Play Store.

However you can’t install the Google Play store on the Kindle, the only other option I have been able to find is to use the 1Mobile market which also doesn’t include many of the Google Play apps.  The odd thing is that the Kindle Fire runs a customized version of Android, so it’s not a matter of compatibility, but rather availability when it comes to running Google tablet apps on the Kindle.

Sideloading

So the best thing Amazon could have done to help users through these trying times of spending lots of $$$ on the Kindle but not giving them the ability to download all apps available to Google users is to make sideloading apps a breeze.

Sideloading refers to installing an app onto the device by copying the APK installer onto the device and manually installing it on the system, i.e. bypassing the app store.

On many devices, in order to sideload apps you would need to obtain root access on the phone, something that often results in users ‘bricking’ their phone or turning it into a $500 paper weight.

The Kindle allows sideloading apps without the need to root the device which is fantastic and I feel like it’s a consolation prize for users unable to use the Google Play store on an Android based device.

Now, if you think that getting apps from the Google Play store, with the intention of installing them on your Kindle,  is an easy feat, it’s not.

First of all, you need a Google approved device, so any other kind of Android device. Second, you need an account that is connected to that devices. Third, you need some way to actually download the APK files for the app because of course Google doesn’t allow you to download the APK’s directly from the App Store on anything other than an Android device.

APKChromeDownloader

APK Downloader Chrome Extension

There are options out there, including a plugin for Google Chrome, that help you download an App, if the App is free or you already own it, but that usually involves you handing over your Google login information to a third-party, which isn’t always the best idea.

Even still, utilizing tools like that don’t always work and in certain cases, if your Google registered device fails to meet the minimum requirements for the app, you can’t even purchase it.

Frozen Synapse Logo

Frozen Synapse Logo

I ran into this problem when trying to side load the game Frozen Synapse onto my Kindle device. It’s a very fun game that I have been playing on my Desktop and I was willing to pay 5x as much as the original price, just to play it on my Kindle.

After discovering that none of my Android devices registered with Google met the minimum requirements. Both my Android Tablet and Galaxy S2 were using older versions of the Android OS to run the game.  At this point, I couldn’t even purchase the game to download the APK.

FrozenAppStore

Google Play Store, Desktop Edition

After hours of trying any work around I could find, I gave up and realized I would just need to wait until the developers of the game got around to making a Kindle version available on the Amazon App Store.  However, it got me thinking what lengths other users were willing to go to play the game on an “unsupported” device.

SearchResults

I went searching around for Frozen Synapse APK’s and within the first few hits, I came across a download site that offered the APK, for free.

4SharedFiile

I downloaded the APK and as with all files I obtain from free download sites, I ran it against VirusTotal to find that it was jam packed full of mobile malware.

Virus Total Results

Virus Total Results

Malwarebytes-Anti-Malware-1

What might have happened on my Kindle had I actually copied the APK over and tried to install it? I decided to try, in the name of science, and as soon as it was detected on my Kindle, my version of Malwarebytes Anti-Malware Mobile quarantined the sucker.

I dug around a bit more online, looking for additional sources of either malware or the game itself, I found both however the APKs for the game were old versions that would install but not run on modern tech.

The Point

Malware is everywhere, when there is a need by a group of users, you can bet that need will be filled by malicious actors looking to infect users with whatever they can.  Malicious downloads on file sharing sites have been around for a very long time.

  • Looking for that Movie you really like but don’t want to pay for? Malware.
  • Looking for an album you really wanted to listen to but out of cash? Malware.
  • Looking for that new game that all your friends are playing but you can’t afford? Malware.
It spans from the Desktop to the Mobile space and any device that might fall 

in between

 .

My advice? Only use authorized and trusted app stores as much as possible. If you do decide to use a tool like I described above to download an APK from the Google Play store, then be sure to change your login credentials as soon as you are done.

Thanks for reading and safe surfing!

Adam Kujawa

ABOUT THE AUTHOR

Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.