Android's Uncurated App Marketplace Draws Criticism, Google Activates 'Kill Switch' on Two Apps

[savar]

Yes Apple's approval process makes the app store more secure.

You saying it doesn't make it true. Can you be specific? What are they doing that makes it secure?

Loading it up on a phone and trying it out doesn't improve the security greatly, it just ensures that the app doesn't crash and mostly does what it claims to do. (This seems to be the declared objective of the process, as evidence by Jobs comments during the WWDC keynote.)

didn't you read the article or my posts?

Yeah, I read the article, and I read some of your posts. None of them had anything to do with the security of the iOS store, however. They were mostly about Android market not doing enough. My question is: what does Apple do [specifically] that Google, HP/Palm, or Microsoft does not to improve security?

Ask yourself why this hasn't happened on iPhones (yet), but it already happened on Android phones?

I can't really speculate why. It could be any of the following reasons -- or some mix of them.

1. Apple review process blocks malware that Android market lets through.
2. The researcher in question had some particular reason to target Android market, not iOS market. (Maybe he doesn't own a Mac so he can't run XCode.)
3. It has happened on iOS already, and either has not been noticed or has not been widely reported.

My point is that this is all speculative. Neither you nor I really know which of these possibilities are real and which are not.

Security researcher creates botnet for Android, tricks 300 users to download the app

http://blogs.forbes.com/firewall/20...letes-and-downplays-botnet-demo-android-apps/

I suggest everybody read the article by the same author which preceded that article: http://blogs.forbes.com/firewall/20...mock-botnet-of-twilight-loving-android-users/

Relevant quote:

Oberheide focused on what may be a serious security weakness in Android's App Market: that apps don't have to ask permission from a user to fetch new executable code. Even after an app has been approved for downloads in Google's market, Oberheide says, it can still metamorphose at will into a much less friendly program.

Oberheide, who works for security startup Scio Security, developed an application called "RootStrap" to demonstrate that trust problem for Android apps. After it's installed, Rootstrap periodically "phones home" to check for any new code that Oberheide wants to add to the program, including any hidden control program or "rootkit" that he wished to install--hence the program's name. "This is probably the most effective way to build a mobile botnet," Oberheide told SummerCon's audience of hackers and security researchers.

This is the real point the original researcher was making. So if you write a legitimate contact list manager app and people start downloading it and using it, it can download a new module at some point in the future and start doing bad stuff.

This sounds like a big problem to me. Android phones shouldn't be running unsigned code in the same sandbox as the user's authorized, signed code. Even if Google was reviewing source code or performing static analysis, they would not be able to catch malware if the software downloads it malware components after being installed and blessed by the user.

 

[rsocal]

Well said!!!

Oh please, put a sock in it. Another clueless techtard who thinks everything should be free. You have no idea what you are talking about. For the average user, they have no clue about these things, nor do they want to. They want their systems to work flawlessly every time without having to worry about it. They want ease of use and security in a full featured and functional device, not a technical masters degree. THIS is why Apple is soooo successful and such a great company with great products.

My feelings exactly, Amen!

 

[hitekalex]

Oh wonderful: Steve Jobs innocently uses the word "curate" and suddenly it's the latest buzzword in all the tech blogs. Let's all hang on every word from Steve and reuse it ad nauseam.

Indeed.. I almost puked reading this MR headline. I wish one of these so called "tech journalists" like Walt Mossberg would really challenge Jobs on this "curation" nonsense. Like what were the reasons for "curating" the Google Voice out of Apple Store.. or WiFi Sync app.. or iPad Widget Apps..

Apple and Jobs can take their "curation" (I like to call it technological dictatorship), and shove it where the sun don't shine.

 

[Champ1]

I'm rereading "Atlas Shrugged" and this whole app ecosystem is a prime example of how a lack of individual responsibility can lead to a socialist police state.

Apple & oranges. Drama much.

 

[dogie678]

YWhat about downloading a song or video directly to your device from your favorite music site? Priceless.
I love my Android.

downloading songs, videos and spywares. Priceless indeed.

 

[LtCarter47]

Indeed.. I almost puked reading this MR headline. I wish one of these so called "tech journalists" like Walt Mossberg would really challenge Jobs on this "curation" nonsense. Like what were the reasons for "curating" the Google Voice out of Apple Store.. or WiFi Sync app.. or iPad Widget Apps..

Apple and Jobs can take their "curation" (I like to call it technological dictatorship), and shove it where the sun don't shine.

Amen

 

[MatthewStorm]

downloading songs, videos and spywares. Priceless indeed.

Maybe you download spyware.

I'm a little smarter.

 

[hitekalex]

Why would you hear a transcript of the voicemail as opposed to just listening to the voicemail?

Are you really as dense as you appear from all your posts in this thread, or are you just trolling?

Let's see.. you don't hear a transcript - you look at transcript. A quick glance at a transcript takes a split second, as opposed to dialing into your voicemail and listening to it. Yep, just another thing you cannot do on your "curated" iPhone.

 

[jaykk]

Google (and microsoft) get away with a lot of stuff, still everyone blames Apple.

Apple never used cease and desist against hackintosh community or jailbreak community, but Google and HTC issued cease and desist order against people who root their device.

Google (and MS) collects more private data than apple ever intend to, still Govt is investigating only Apple for privacy policy.

 

[Champ1]

Maybe you download spyware.

I'm a little smarter.

News Flash>"APPLE MAKES PRODUCTS FOR THE TYPICAL USER". You are not one of them. I am. I don't want to have to worry about security and always have my guard up. I have better and more important things to worry about. You might have the time and perhaps rather enjoy fiddling with your tech but the vast majority do not. We just want it to work. (w/ a bumper of course)

 

[dogie678]

News Flash>"APPLE MAKES PRODUCTS FOR THE TYPICAL USER". You are not one of them. I am. I don't want to have to worry about security and always have my guard up. I have better and more important things to worry about. You might have the time and perhaps rather enjoy fiddling with your tech but the vast majority do not. We just want it to work. (w/ a bumper of course)

totally agree.

 

[hitekalex]

Until Android shows me some amazing apps that do not exist on Apple's Appstore BECAUSE of regulation- this whole argument over what's better (open vs regulated) is moot.

Uhmm OK.. Fully integrated Google Voice app.. native Gmail.. Myriad of app allowing me to wirelessly download Music/Videos straight to my phone.. That enough for you?

 

[kalsta]

Guess the compromise factor here is whether you want a reasonably protected environment, or an everyone-for-themselves one. In an ideal world you'd have both, so that 95% of the base users can be satisfied w/o poking their neck inside something potentially terrible, while power users have the ability to do whatever they want at their own potential peril.

Agreed.

 

[MikhailT]

Google (and microsoft) get away with a lot of stuff, still everyone blames Apple.

Apple never used cease and desist against hackintosh community or jailbreak community, but Google and HTC issued cease and desist order against people who root their device.

Google (and MS) collects more private data than apple ever intend to, still Govt is investigating only Apple for privacy policy.

What are you talking about? You need to read the news more often, Google is getting a lot of heat from the congress about the latest WiFi privacy violations and many states are launching a probe against Google about this.

Apple releases software updates to break the jailbreaks instead of sending out cease and desist, and did you forget about ThinkSecret and Gizmodo? Apple isn't a perfect angel here.

MS? You forgot about the government fight against MS for the anti-trust violations? MS is being seen by the government for every actions they take as part of the anti-trust settlements.

 

[dogie678]

Uhmm OK.. Fully integrated Google Voice app.. native Gmail.. Myriad of app allowing me to download Music/Videos straight to my phone.. That enough for you?

3 apps? that's it?

 

[jaykk]

What are you talking about? You need to read the news more often, Google is getting a lot of heat from the congress about the latest WiFi privacy violations and many states are launching a probe against Google about this.

Apple releases software updates to break the jailbreaks instead of sending out cease and desist, and did you forget about ThinkSecret and Gizmodo? Apple isn't a perfect angel here.

MS? You forgot about the government fight against MS for the anti-trust violations? MS is being seen by the government for every actions they take as part of the anti-trust settlements.

MS and Google is getting pressure from European govt. MS got away free in the US.

But google is alarmingly entrenched in our lives. they have licenses to sell power and what not.

 

[Champ1]

3 apps? that's it?

To them its the world. To us "meh"

 

[pdjudd]

Apple releases software updates to break the jailbreaks instead of sending out cease and desist, and did you forget about ThinkSecret and Gizmodo? Apple isn't a perfect angel here.

ThinkSecret is one thing. They were shut down in a civil lawsuit. Gizmodo has yet to be charged and Apple has not made any accusation nor have they in any way sued Gizmodo. They are the subject of a criminal investigation, but that is under the prevue of the state of California and has little to do with Apple beyond them treating the thing as a matter of stolen property.

 

[MikhailT]

MS and Google is getting pressure from European govt. MS got away free in the US.

But google is alarmingly entrenched in our lives. they have licenses to sell power and what not.

You're letting them get entrenched into your life. Nobody said you have to use their products. Google has the right to get into every markets they want to. A monopoly isn't illegal, it's the anti-compeition that's makes it illegal.

 

[nsayer]

With freedom comes responsibility.

Having a more free ecosystem means users will have to exercise more responsibility in what they add to their devices. I'd gladly take this over the Apple model.

I agree in principle with what you're saying. And I have not bought an iPad for exactly this reason.

However, I am willing to accept the limits imposed on what my phone can run in return for the curation role played by Apple. Because it's a phone. I want my phone to be bulletproof even if it can't do everything.

 

[MikhailT]

ThinkSecret is one thing. They were shut down in a civil lawsuit. Gizmodo has yet to be charged and Apple has not made any accusation nor have they in any way sued Gizmodo. They are the subject of a criminal investigation, but that is under the prevue of the state of California and has little to do with Apple beyond them treating the thing as a matter of stolen property.

Ooops, I meant Gawker. I don't even know why I remember Gawker's one, not the point.

I wanted to add Apple's objection on the jailbreaking being an excemption to DMCA.

 

[jaykk]

You're letting them get entrenched into your life. Nobody said you have to use their products. Google has the right to get into every markets they want to. A monopoly isn't illegal, it's the anti-compeition that's makes it illegal.

haha.. read more. MS and google spends more lobbying than Apple. You have no escape from MS and google. You can't stop using their products. If you play a DVD on ur DVD player, MS gets a cut

You are paying Apple Tax only if you buy apple products, but with Google and MS, you are paying even if you use free software like Linux.

Apple spends least on lobbying/

 

[MikhailT]

haha.. read more. MS and google spends more lobbying than Apple. You have no escape from MS and google. You can't stop using their products. If you play a DVD on ur DVD player, MS gets a cut

You are paying Apple Tax only if you buy apple products, but with Google and MS, you are paying even if you use free software like Linux.

Apple spends least on lobbying/

Exactly how am I paying MS and Google when I use ubuntu?

 

[darthvapor]

In a society where people seem to think they are defined by what devices they own, if one person or one company has absolute control over those devices, they define the people who own them. What ever happen to think different? It’s more like think the same. Trying to protect everyone and give us all the best experience seems to be a parallel plot line to the movie the Truman Show, and we know how that ended.

 

[jaykk]

Exactly how am I paying MS and Google when I use ubuntu?

If you buy any computer from manufacturers like Dell, HP, even if it ships with Linux, MS charges full license fee. Now they even made a deal with HTC, so even if HTC sells an android phone, MS gets a cut.