Android's Uncurated App Marketplace Draws Criticism, Google Activates 'Kill Switch' on Two Apps

[MacRumors]

Given the amount of criticism that Apple has received for their curated App Store, it should be interesting to see that Google's unmoderated solution for Android is not without its own criticisms. CNet reported on the high potential for abuse in the Android marketplace:

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.

While most of these apps are not malicious, spyware is said to be a growing problem. Google denies it being a real issue, however, and points out that users must explicitly allow applications to get access to the data. While true, Jon Johansen disputes the practicality of these checks and also believes that Google's lack of curation is hurting their marketplace:

Google does far too little curation of the Android Market, and it shows. Unlike Apple's App Store, the Android Market has few high quality apps.
...
Below are just a few examples of what's wrong with the Android Market. Those 144 spam ringtone apps (which are clearly infringing copyright) are currently cluttering the top ranks of the Multimedia category. I was not surprised to find that they were being monetized through Google Ads.

Meanwhile, this past week, Google remotely disabled two apps from all Android phones. This so-called "Kill Switch" received a lot of publicity when it was revealed that Apple had the same functionality for the App Store. So far, Apple has not been known to have triggered it. According to Google, the remotely disabled apps were not malicious, but misrepresented themselves in order to encourage downloads:

Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data -- or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.

Article Link: Android's Uncurated App Marketplace Draws Criticism, Google Activates 'Kill Switch' on Two Apps

 

[Full of Win]

With freedom comes responsibility.

Having a more free ecosystem means users will have to exercise more responsibility in what they add to their devices. I'd gladly take this over the Apple model.

 

[macfan881]

App Store > everything Else

 

[spyda]

Droid does.

 

[tempusfugit]

When there's no limit to what droid gets.....

With freedom comes responsibility.

Having a more free ecosystem means users will have to exercise more reasonability in what they add to their devices. I'd gladly take this over the Apple model.

No, it means that the android market is a god damned minefield. Android apologists....

 

[Eric S.]

Who the heck is Jon Johansen? "Few high quality apps"? Give me a break.

 

[Full of Win]

Who the heck is Jon Johansen?

aka DVD Jon

 

[MBHockey]

Who the heck is Jon Johansen? "Few high quality apps"? Give me a break.

There's this thing called Google...but you may have not heard of that either since you seem to be living under a rock.

 

[Yibgib]

1

 

[MikhailT]

With freedom comes responsibility.

Having a more free ecosystem means users will have to exercise more reasonability in what they add to their devices. I'd gladly take this over the Apple model.

How does a user know if the the application isn't a malware? There's nothing in place to protect the users. There's no "exercising" responsibility or "reasonability" if the information isn't forecoming. People's reviews and/or comments does nothing to prevent the fact that most people do not test against information leaks, so this isn't a compromise either for a community based marketplace.

The fact that Google took actions AFTER somebody ran a test is really unacceptable. Why didn't Google test in the first place? They can continue the same practice they have right now but they still need to review the apps to make sure the users are not compromising their privacy or risking security issues. They don't need to block all incoming applications, they should just reviews the applications while they are on the market and remove if anything was found and ban the developers from the market for breaking the ToS.

 

[dogie678]

this is specially troublesome

http://blogs.forbes.com/firewall/20...letes-and-downplays-botnet-demo-android-apps/

Security researcher creates botnet for Android, tricks 300 users to download the app


if Oberheide hadn't presented his research at the SummerCon hacker conference there's no reason to believe that Google would have been aware of the existence of this rogue app in the first place.

Android should NEVER be allowed in the Enterprise.

 

[hexagonheat]

Sensationalist garbage.

The android market place has many many quality apps as well as App Brain and other methods of finding the highest quality ones.

The phone is built such that apps do not have access to your sensitive data *unless you let it*. It will ask you if you want the application to access all your private details and the user has full control over the outcome.

Mac users wouldn't want the iPhone app store misrepresented and they shouldn't want misinformation spread about the competitors either.

 

[MikhailT]

it says apple never used there switch
why is google voice o loger on my ipod

IIRC, Google voice was rejected from the app store, I don't think anybody was able to download the actual Google Voice app from the app store. Kill switch isn't the same thing as app store rejection. Kill switch is used after the app has been available on the market and people downloaded them onto the device, if the kill switch turned on, all copies are immediately deleted from the devices.

 

[dogie678]

Sensationalist garbage.

The android market place has many many quality apps as well as App Brain and other methods of finding the highest quality ones.

The phone is built such that apps do not have access to your sensitive data *unless you let it*. It will ask you if you want the application to access all your private details and the user has full control over the outcome.

Mac users wouldn't want the iPhone app store misrepresented and they shouldn't want misinformation spread about the competitors either.

read my post. this is a real issue.

 

[BBCWatcher]

Apple deserves sharp criticism for having arbitrary, inconsistent, and sometimes downright anti-consumer criteria for excluding applications from the Application Store. There's also no way for the user to override Apple's judgment without jailbreaking.

I don't want "1984," Apple, yet somehow you've forgotten.

 

[Cleve]

With freedom comes responsibility.

Having a more free ecosystem means users will have to exercise more responsibility in what they add to their devices. I'd gladly take this over the Apple model.

Currently there are about double the quoted apps: 75,000 apps (applib.com)

The 20% number is thrown out by a security company. How many times have Mac security companies thrown out inflammatory numbers. The original report says potentially 20%.

"spyware is said to be a growing problem" By who? FUD

Apple should have disabled the apps that pulled people's phone numbers and had operators calling users for updates. It was a swiss mapping program.

 

[dogie678]

Apple deserves sharp criticism for having arbitrary, inconsistent, and sometimes downright anti-consumer criteria for excluding applications from the Application Store. There's also no way for the user to override Apple's judgment without jailbreaking.

I don't want "1984," Apple, yet somehow you've forgotten.

Android has become the Windows of Mobile phones. insecure, crappy, inconsistent.

 

[hexagonheat]

read my post. this is a real issue.

The executable comment is simply not true, read the security blog an sandboxing for android: http://developer.android.com/guide/topics/security/security.html

 

[andyplace]

It should also be noted that apple's killswitch does not remove the app from your device or even disable it, it only turns off location services so the app cannot spy on you.

Google's killswitch just takes your app away.

 

[Gooberton]

Droid lovers, go to droidrumors.com. clearly iPhone is the best device on the planet, and the app store is amazing. why is it that ever stupida.s.s. android phone that comes out is the iPhone "killer" why always trying to beat the iPhone. with your thin plastic back, ugly large camera bump, unnecessarily complicated widget bull crap, and phones the size of a sheet of paper, bigger is NOT better in the smart phone market

 

[dogie678]

The executable comment is simply not true, read the security blog an sandboxing for android: http://developer.android.com/guide/topics/security/security.html

The fact that a security researcher was able to trick 300+ Android users to download the app proves that Androids security isinadequate.

http://blogs.forbes.com/firewall/20...letes-and-downplays-botnet-demo-android-apps/

if Oberheide hadn't presented his research at the SummerCon hacker conference there's no reason to believe that Google would have been aware of the existence of this rogue app in the first place.

what's preventing a hacker from creating a real nasty spyware masquerading as the latest twilight or harry potter app?

 

[tigres]

Who the heck is Jon Johansen? "Few high quality apps"? Give me a break.

Ummm.... He's the original

 

[yg17]

I'd rather have an open system that comes with risks rather than a closed system that is risk free.

 

[nutjob]

This is just FUD. What about a report on the same, and worse for Mac OS software?

 

[JS82189]

Killswitch?? Wat exactly can they do to your phone (including Apple?)??