I'd love to see an easier way to get the apps, but since the apps are not signed, nor have published hashes which can be verified, I wouldn't trust a random shady third party to provide those apps. Many apps also have a browser component, which runs hidden on your phone. It could be possible for cpfx to inject malware in the apps.