Testing platforms are common for mobile apps, and are one of many ways in which independent app developers and large software makers can deploy test software without going through the sometimes rigorous App Store and Play Store review processes. This is primarily to let developers squash bugs and ensure the app can run on a variety of different devices, some of which may be using outdated operating systems and powered by older, less powerful components that may render the app sluggish or just plain inoperable.
In this case, however, it looks like Shadow used a test platform for the app’s public distribution, at least for Android users. (TestFairy provides an iOS installer platform, but it is not clear if Shadow used TestFairy for the iOS version of the Iowa Recorder App.)
Installing software through a test platform or sideloading onto your device manually both come with security risks, as app store review processes are designed to discover whether a piece of software is hiding malware or does something behind the scenes it’s not supposed to. In the event you do sideload an app or try installing an unofficial version, your smartphone typically warns you of the risks and asks if you want to proceed. It’s also a less stable model for deploying software at scale, which might explain the difficulty precinct chiefs had in downloading the program.
The screenshot from Motherboard also shows that the app was distributed using the platform’s free tier and not its enterprise one. That means Shadow didn’t even pony up for the TestFairy plan that comes with single sign-on authentication, unlimited data retention, and end-to-end encryption. Instead, it looks like the company used the version of TestFairy anyone can try for free, which deletes any app data after 30 days and limits the number of test users that can access the app to 200.