The Us v Them mentality

I don't get it. Everyone is so passionate about this. From either side. In my opinion, I think this is the perfect scenario. Having a totally curated eco-system for all those that find it does everything they want in a secure closed manner (I put my hand up here) AND a totally open environment for everyone who wants the freedom that comes from an open framework.

They're not mutually exclusive. They both offer benefits / advantages / disadvantages based on individual needs / wants and hopefully, both drive each other to greater things. We all get to make our choice which way to go here. And our choices are no more correct than the other.

And to buy in to the emotion for a second, just because this is an Apple focused forum doesn't mean you can't say something negative against the iPhone. IMO it is the best smartphone on the market, but it would be a boring forum if all I got to hear were people spouting exactly that!
 
I agree with you that it's a problem, but who's to say this isn't possible in the iOS app store?

The guy probably posted it on the Android store because presumably it's free to create and post apps there, whereas he would have paid $99 to do the same on the iOS store. Who wants to pay $99 just to make a point at your SummerCon lecture when it can be done for free?

The root cause here doesn't seem easily solvable -- how do you prevent applications from pretending to be one thing and then doing another?

It costs money to submit Android apps.
 
Why should this be left to the user to figure out if the company has the ability to prevent it in the first place? That's irresponsible on the hosting company's part.


Apple's high standards and strict approval system means a much less chance at malicious (or nonworking and flawed) applications.

Yep, totally agree!!!
 
I don't get it. Everyone is so passionate about this. From either side. In my opinion, I think this is the perfect scenario. Having a totally curated eco-system for all those that find it does everything they want in a secure closed manner (I put my hand up here) AND a totally open environment for everyone who wants the freedom that comes from an open framework.

They're not mutually exclusive. They both offer benefits / advantages / disadvantages based on individual needs / wants and hopefully, both drive each other to greater things. We all get to make our choice which way to go here. And our choices are no more correct than the other.

And to buy in to the emotion for a second, just because this is an Apple focused forum doesn't mean you can't say something negative against the iPhone. IMO it is the best smartphone on the market, but it would be a boring forum if all I got to hear were people spouting exactly that!

The iPhone supports both environments.

App Store = reviewed and curated

HTML 5 apps = no restrictions
 
An Android device is a means for Google to get its ads to you in every way they can.

Exactly. Why else would they be developing and distributing a free and open source operating system for mobile devices? It's pretty easy to tell that it plays right into their bottom line: advertising. If you use Android, you have constant access to your Google crack/apps. The more you use and become dependent on them the more money Google makes. That's absolutely the bottom line and I pity the fool that can't understand this.

It comes down to this: Google really only makes money on ads. Apple has high margins on hardware and software. That's where they make their bread and butter. They're a lot less interested in tracking everything you do because they make money off of you in different ways.
 
It IS easily solvable and it's not possible in the iOS app store. Check every app (twice) before allowing it in the store. This is what Apple does. Yay!

Perhaps it will have to have tougher checking in the future as malicious devs get more clever, but it's quite possible to manage, apparently.

There are downsides but that is a massive upside.

(bah, cross-posting)

But how does Apple check them? They don't have the source code for these apps, so it would take ages for an expert to review the binary to determine whether it contains malware or not.

Are they running static analysis on all of the binaries they receive? That is plausible, but static analysis is still a new field and seems error-prone to rely on.

The one difference I see is that Apple has your CC # (I assume Google doesn't require the same for Android store) but a really determined crook can probably steal a credit card, so it's a mitigation but not a cure-all.

It's an interesting topic. I don't think anybody here really knows what they're talking about (myself included), since none of us work for Apple.
 
The executable comment is simply not true, read the security blog on sandboxing for Android: http://developer.android.com/guide/topics/security/security.html

"Google denies it being a real issue, however, and points out that users must explicitly allow applications to get access to the data." That's not really true since downloading and installation of an app simply requires a user to select Continue (or the equivalent) when presented with a list of what phone features to which the app will have access. The user has no way of knowing to what extent that access will be used maliciously.
 
But how does Apple check them? They don't have the source code for these apps, so it would take ages for an expert to review the binary to determine whether it contains malware or not.

Are they running static analysis on all of the binaries they receive? That is plausible, but static analysis is still a new field and seems error-prone to rely on.

The one difference I see is that Apple has your CC # (I assume Google doesn't require the same for Android store) but a really determined crook can probably steal a credit card, so it's a mitigation but not a cure-all.

It's an interesting topic. I don't think anybody here really knows what they're talking about (myself included), since none of us work for Apple.

And I'd argue that Apple doesn't even know the process because, as Steve Jobs said himself, they're still learning.
 
But how does Apple check them? They don't have the source code for these apps, so it would take ages for an expert to review the binary to determine whether it contains malware or not.

Are they running static analysis on all of the binaries they receive? That is plausible, but static analysis is still a new field and seems error-prone to rely on.

The one difference I see is that Apple has your CC # (I assume Google doesn't require the same for Android store) but a really determined crook can probably steal a credit card, so it's a mitigation but not a cure-all.

It's an interesting topic. I don't think anybody here really knows what they're talking about (myself included), since none of us work for Apple.


Apple's approval and review process is not perfect, but it's better than not having one.
 
With freedom comes responsibility.

Having a more free ecosystem means users will have to exercise more responsibility in what they add to their devices. I'd gladly take this over the Apple model.

I'll go exactly the other way. Responsibility isn't too bad if there is transparency. Please explain how one gets informed to take the responsibility.

For me, there is plenty of choice on the Apple App store and I feel safe downloading what is out there without having to waste time on due diligence.
 
It's not the security that's the issue, it's the ease of hackers being able to let in spyware/malware into their "seeming legit" applications and put it on the market. There are no systems in place at the marketplace to make sure that the developers aren't intentionally misleading users.

Directly from your link,




Did you even read the reports? They know about the privileges and the sandboxing and everything. The security is excellent on the Android.

That's just not the issue. The issue is that users can be misled into allowing the applications to gain the privileges. If the GPS app is installed and asks for GPS privileges as well as internet so that it can download maps, the user has a reasonable expectation that it's only for GPS/maps. Since there's nobody to test this claim at the marketplace, another developer can create the same GPS application and use the GPS/Internet privileges to actually transmit other types of information. This has been done already, as Google pulled those apps out AFTER they were made aware of it.


Think of it this way, you expect Walmart's pharmacy to actually make sure the pills they give you are actually the right pills. That's their responsibility to make sure and tested against the company. Google is more like Walmart just taking pills from any seemingly legit drug company and expect what THEY said is what the pill is. For all Google knows, the pills could just be sugar pills and they are marketing it as something else. Google controls the marketplace, we expect them to actually review the applications but they don't need to lock the store down like Apple.

I want my medication from Apple’s App store then, can I do that?
 
Correction: The issue is that most users blindly click "accept" or "yes" to any prompt that comes up because they treat their smartphone like their computer.

The issue is people are dumb and don't read, not that they can be misled.

How is smartphone not like a computer? It's a small form of a computer that has a radio attached to it. You can use a computer to make calls as well.

Average or above intelligence as well as the ability to read does nothing to prevent people from getting misled by hackers on the marketplace.

People have a reasonable expectation that the applications on the marketplace have somewhat been "tested" for spyware/malware. After all, it's the central location being managed by a company, why shouldn't the company be testing the applications in the first place?



I agree with you that it's a problem, but who's to say this isn't possible in the iOS app store?

The guy probably posted it on the Android store because presumably it's free to create and post apps there, whereas he would have paid $99 to do the same on the iOS store. Who wants to pay $99 just to make a point at your SummerCon lecture when it can be done for free?

The root cause here doesn't seem easily solvable -- how do you prevent applications from pretending to be one thing and then doing another?

While it can't be prevented completely, at least there should be a system to test against the information leaks regardless. Google doesn't have to lock the store down, just run and review the source code at any time to make sure nothing is being let out that it shouldn't be.

This is a problem for Apple's App store as well but it is far less likely as the reviewers will check for that. It won't have 100% prevention but at least better than the marketplace.

Yes. On Android phones when you click "accept" there's a chance that you may be using spyware.

That's not going to happen on an iPhone.

The review process isn't going to prevent this, it just makes it far less likely to happen compared to the marketplace.

It's less likely to happen on iPhones. The App Store is curated. Plus, Apple has your contact information. You create a malicious iPhone app, you go to jail.

In one of the reports, Google said they do process the billing details for legitimacy but it is not clear if it is done for free applications as well.

There's a chance on ANY operating system that you could be allowing spyware to run. It can happen on any iOS device. Security holes exist in Safari that would allow for remote code execution...

That's right, but can you say that the Android marketplace is the same as the Apple's closed review process? It does make sense for the marketplace to have much higher chance of spyware than it does for App Store.
 
It says Apple never used their switch.
Why is Google Voice no longer on my iPod?

Because you deleted it, or never downloaded it in the first place. Apple never used the kill switch, they just removed the app from the store. If an app is pulled you can still use the ipa you have installed on your device or your computer.

Nice try.
 
Apple's approval and review process is not perfect, but it's better than not having one.

I'm not arguing that point -- my question has to do with security specifically. E.g. "Does Apple's review process make iOS store more secure than other vendors' app stores?"

I haven't heard any convincing arguments that it does.

(Disclaimer: I'm an iphone fan and also interested in security. This is purely a mental exercise for me. I'm not trying to fan the flames.)
 
Exactly. Why else would they be developing and distributing a free and open source operating system for mobile devices? It's pretty easy to tell that it plays right into their bottom line: advertising. If you use Android, you have constant access to your Google crack/apps. The more you use and become dependent on them the more money Google makes. That's absolutely the bottom line and I pity the fool that can't understand this.

It comes down to this: Google really only makes money on ads. Apple has high margins on hardware and software. That's where they make their bread and butter. They're a lot less interested in tracking everything you do because they make money off of you in different ways.

The exclusivity of Google being the one to make money from its users by selling ads remains to be seen. Apple seems to be trying to do the same thing with its ads.
 
HTML 5 apps = no restrictions

No restrictions except the restrictions that HTML5 apps have. i.e. They can't do as much as native apps. Such as work without an internet connection.

Even Apple figured that out after the initial 'no native apps except from us' iPhone OS 1.0.
 
"it's less likely to happen on iPhones. the App store is currated. Plus, Apple has your contact information. You create a malicious iPhone app, you go to jail."

In this Android case, the developers were not unknown.

Google has developer contact information as well.

That's the whole point of sponsored app stores... the developers are known, and thus any malicious (or for that matter, buggy) app can be backtraced.

As for "less likely", there's no reason why someone couldn't put out an iPhone app that waited months before triggering. iOS4 just patched a couple of hundred security holes. Apple vetting an app in a few days cannot prevent a malicious app.

For that matter, please recall that the first iPhone OS update was forced out of Apple because a third party found a Safari hole that allowed downloading remote execution code.

In other words, just as with this case... or the ATT email case... a third party took it upon themselves to find and publicize security holes that might otherwise not be known. The sky is not falling, however.
 
I'm not arguing that point -- my question has to do with security specifically. E.g. "Does Apple's review process make iOS store more secure than other vendors' app stores?"

I haven't heard any convincing arguments that it does.

(Disclaimer: I'm an iphone fan and also interested in security. This is purely a mental exercise for me. I'm not trying to fan the flames.)

Yes, Apple's approval process makes the app store more secure. Didn't you read the article or my posts?

Ask yourself why this hasn't happened on iPhones (yet), but it already happened on Android phones?

Security researcher creates botnet for Android, tricks 300 users to download the app

http://blogs.forbes.com/firewall/20...letes-and-downplays-botnet-demo-android-apps/
 
How is smartphone not like a computer? It's a small form of a computer that has a radio attached to it. You can use a computer to make calls as well.

Normal users don't blur the line between smartphone and computer. They still see them as two distinct devices no matter how close they get to each other. It will always remain that way. You tell most people they can use their computer to make a phone call and they'll look at you like you're nuts.

As for you saying users are being misled - yes, they might be but they're misleading themselves by being completely ignorant of their own habits.

No restrictions except the restrictions that HTML5 apps have. i.e. They can't do as much as native apps. Such as work without an internet connection.

Even Apple figured that out after the initial 'no native apps except from us' iPhone OS 1.0.

HTML5 apps could run without a data connection. They could be cached to run locally. Could being the key word.
 
My (and most people's problem) with the App Store approval process is the rejection of apps like those supporting WiFi syncing. It doesn't replicate a core functionality and poses little to no security risk. If Apple ever gets around to implementing it, then it's very likely that people would end up using Apple's (likely more elegant) solution so it doesn't hurt them.

On the security aspect of regulation, I'm on Apple's side. If I'm bored and download a game, I don't want to find out a month later that it took all my contacts under some guise and sent them to some spam list.

Also, those of you comparing this to some grand political social oppression are quacks. Go to a country where that really exists. I assure you, having been to many such countries, that the regulation of iOS is just a bit removed from how people there are forced to live.
 
The exclusivity of Google being the one to make money from its users by selling ads remains to be seen. Apple seems to be trying to do the same thing with its ads.

Google doesn't need to wait and see, they already make tons off of you and everyone else regularly without Android devices just by using one of the many free Google services available on every platform. Mobile devices are just another market for them to sell ads, either in app via AdMob, or in browser (on any mobile device) via search.
 