Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Android's Uncurated App Marketplace Draws Criticism, Google Activates 'Kill Switch' on Two Apps
- Thread starter MacRumors
- Start date
- Sort by reaction score
also, not to mention beautifully built hardware to go along with it.
Btw that evo is pretty hideous in comparison.
Coulda, shoulda, and woulda aint gonna happen. First off, Google isn't any part of the post-software deal. They wrote an open OS, threw it on the market and it's "Let the buyer beware" from that point on. The open OS is laying there totally exposed and hackable. Someone labeled the Droid app market as a minefield and that's very accurate.
The growing diversity of phones using the Android OS is growing monthly and the problem of policing the apps is only becoming harder and more complex. It's only a matter of a couple more years before Android phones can be hijacked and all you'll need to do is answer your phone.
Nope.
Will give google voice half marks. You can use most of the features as a web app.
One app allowing wireless download of music and videos is good enough, especially since its the biggest seller of music in the world.
An OS from Google has native Google mail app?? What wonder? The question should actually be, why is their app for other mail providers so bad..
I want phones to be open for the same reasons I want my OS to be open (not open source, open in that I can install whatever I want).
I purposefully installed a curated app store on my PC... Steam. I like it a lot. It gives indie developers a lot of free exposure that they would not otherwise get. It takes care of installation and patching and community services. I like that the store is provided by a different company than the OS.
I also like to go to indie game blogs that point me to developer sites where I can download games directly from them. I've found tons of great games that aren't available on Steam.
I also like programming in any language I want to. Usually stuff like "Processing", because I am a n00b.
Do you think OS X and Windows would be better if Apple and Microsoft had to approve each app for their respective OS?
To each their own. I like both app stores. Apple has a more user friendly safe app store, google has one that should be used a little smarter by people.
I have made a few apps for android phones for a company that wanted to test them as a replacement for the blackberry. I do like how easy it is to get my apps on the market, but it will need some kind of additional steps to clean it up when spyware and the likes really start to get around, and it will.
I don't think google will let it turn into that though. Well I really don't care I guess, I don't own a android phone anyways.
I have made a few apps for android phones for a company that wanted to test them as a replacement for the blackberry. I do like how easy it is to get my apps on the market, but it will need some kind of additional steps to clean it up when spyware and the likes really start to get around, and it will.
I don't think google will let it turn into that though. Well I really don't care I guess, I don't own a android phone anyways.
So now will the Android fanboys admit that an open market is not always better than Apple's curated App Store? Open market is basically a recipe for disaster. Not everyone will play nice. That's why we have the invisible hand in the US capitalism economy. Still this is troubling because I'm still using an Android device until I get my white iPhone 4. :S
Code signing, restrictions on running interpreted code and automated binary testing. As you point out, we don't know exactly what kind of malware prevention techniques the review process may or may not provide, but it certainly provides a "hook" for Apple to mitigate new threats as they appear. The bottom line is that Apple's curated approach, combined with technical measures like code signing, enables a far higher level of security than Google's "buyer beware" approach. This will be proven over time.
The Trouble with Apple and Google's mobile stores
It's interesting. I've been reading more about this, and trying to avoid flame wars is ridiculously unhelpful. What I've been watching are two distinct things. Privacy issues and malicious applications (like identity theft, etc).
On Apple's App Store, Steve Jobs made a comment during the All Things D Conference 2010, that Apple was taken off guard by the degree of "spyware" proliferating through their mobile store. They'd recently changed their developer agreements to limit (contractually) what information developers can have a third party ad system collect outside of direct benefit to customers. Specifically he'd mentioned how Flurry analytics was tracking new Apple devices on the Apple campus.
In other news, at the beginning of this year, Google noteably pulled a number of apps from its market place that used the trademarks and logos of numerous banks... offering "banking apps" for each of these banks. The potential for fraud was so significant, Google shut these apps down in the absence of any evidence of wrong-doing. They also remotely disabled apps from some researchers that were being used to determine how permissive people were being when downloading applications that are granted access to certain services at download time.
The most concerning thing about Google's Android Marketplace, is that Google relies explicitly on the community to police the market. Anyone submitting an app gets an automatic screening, before being made available to everyone. Recently, at Apple's WWDC conference, Jobs cited that one of the top reasons for denying apps, is that the app does not do what it says it does.
This was in fact the subject of the researchers mentioned above. If they released an app that doesn't do what it says it is supposed to... then, who's to know? It's one thing when its tricking Apple's App Store reviewers, but tricking Android users by providing value WHILE stealing information, sounds like a brilliant combination.
Even I'm being a little vague about the distinctions here, but I think its important. I've said this before in other online forums... but Android Marketplace SCARES ME. Someone needs to unapologetically HIT both Apple's App Store and Android Marketplace with some serious security criticisms. Systematic. Non-partisan. Scientific. What I expect they'll find is that Apple's approach has tremendous long-term security & privacy problems (I've become incensed at the amount of apps that ask your location data for NO CLEAR REASON). They'll also determine that Google's Android Marketplace is a fraud and scam artist's wet dream. Not only does Google allow clear and persistent copyright violations on a regular basis (noteably Apple removed over 700 apps from a developer they determined to be breaking numerous copyrights. For its part, Google seems perfectly happy with the "YouTube" approach to resolving trademark and copyright abuse.
This is not about INTENT on Apple's or Google's part. They both intend well. This is about social engineering. You can't compare a cell phone to a desktop computer. Cellphones are an encapsulated nexus of highly sensitive information. Apple allows the Dragon Dictate app to upload contact info from a user's Address Book, but cited this behavior in Google Voice as worthy of concern. Yet and still, a huge row broke out over the lack of clarity from Dragon Dictate's developer, on how this information was being used (namely to help with speak recognition).
Google says its billing "confirms" their developers are "real" people. I think this is rather EASILY fooled (just due to the nature of things, its amazing sometimes to watch how a sneaky idea, and misdirection can bypass the most intense security). Google says users explicitly "agree" to allow access to certain areas and functions of their phone. Apple recently added a location indicator to show that any application on your iPhone has requested your location in the last hour. In Settings they give an easy way to identify each location aware app, and if it has requested said information. I remember thinking, "Oh, that's odd for them to add", before realizing how much of an ongoing issue this type of data scraping was becoming. For instance... if you allow your "ringtone" app to access your location, how do you know what they're using it for? After you agree, how do you know whether they abuse this permission on a regular basis?
We're headed to an interesting place in the mobile sector, and given the article above, I'm deeply concerned about Google's methods here. Hitting end-users with technical permission requests (my mother has no idea what "authentication" means) and having only automated FILTERS for protecting users from newly released malware (and developers from comment spam), seems absolutely insane.
Apple is far from innocent here, but appears to be taking proactive measures to react to these new threat vectors (because its in a position of control). Google's biggest challenges seem to rest on its ENTIRE MODEL of an "open" software store for mobile devices. There's not much to "fix", it really needs to be entirely reconsidered.
Android Market seems to FILTER out a lot of "crap", but when returning searches, astroturf can rise very easily to the top. The podcaster that runs the iPhone podcast "Today in iPhone" took up the cause for publicizing the practice of "paid reviews" in the App Store. These type of issues are disturbing for new buyers, but seem to pale in comparison to Google's challenges.
Two of the biggest assets of ANY store, is its ability to protect its customers and the perception of quality in its offerings. On the second item, both Google and Microsoft have been trying to persuade popular Apple App Store developers to port titles to their respective platforms. On the first however, Google has some MAJOR challenges ahead. They're geniuses, but I'm thinking that there is a limit of problems that even genius cannot overcome.
~ CB
It's interesting. I've been reading more about this, and trying to avoid flame wars is ridiculously unhelpful. What I've been watching are two distinct things. Privacy issues and malicious applications (like identity theft, etc).
On Apple's App Store, Steve Jobs made a comment during the All Things D Conference 2010, that Apple was taken off guard by the degree of "spyware" proliferating through their mobile store. They'd recently changed their developer agreements to limit (contractually) what information developers can have a third party ad system collect outside of direct benefit to customers. Specifically he'd mentioned how Flurry analytics was tracking new Apple devices on the Apple campus.
In other news, at the beginning of this year, Google noteably pulled a number of apps from its market place that used the trademarks and logos of numerous banks... offering "banking apps" for each of these banks. The potential for fraud was so significant, Google shut these apps down in the absence of any evidence of wrong-doing. They also remotely disabled apps from some researchers that were being used to determine how permissive people were being when downloading applications that are granted access to certain services at download time.
The most concerning thing about Google's Android Marketplace, is that Google relies explicitly on the community to police the market. Anyone submitting an app gets an automatic screening, before being made available to everyone. Recently, at Apple's WWDC conference, Jobs cited that one of the top reasons for denying apps, is that the app does not do what it says it does.
This was in fact the subject of the researchers mentioned above. If they released an app that doesn't do what it says it is supposed to... then, who's to know? It's one thing when its tricking Apple's App Store reviewers, but tricking Android users by providing value WHILE stealing information, sounds like a brilliant combination.
Even I'm being a little vague about the distinctions here, but I think its important. I've said this before in other online forums... but Android Marketplace SCARES ME. Someone needs to unapologetically HIT both Apple's App Store and Android Marketplace with some serious security criticisms. Systematic. Non-partisan. Scientific. What I expect they'll find is that Apple's approach has tremendous long-term security & privacy problems (I've become incensed at the amount of apps that ask your location data for NO CLEAR REASON). They'll also determine that Google's Android Marketplace is a fraud and scam artist's wet dream. Not only does Google allow clear and persistent copyright violations on a regular basis (noteably Apple removed over 700 apps from a developer they determined to be breaking numerous copyrights. For its part, Google seems perfectly happy with the "YouTube" approach to resolving trademark and copyright abuse.
This is not about INTENT on Apple's or Google's part. They both intend well. This is about social engineering. You can't compare a cell phone to a desktop computer. Cellphones are an encapsulated nexus of highly sensitive information. Apple allows the Dragon Dictate app to upload contact info from a user's Address Book, but cited this behavior in Google Voice as worthy of concern. Yet and still, a huge row broke out over the lack of clarity from Dragon Dictate's developer, on how this information was being used (namely to help with speak recognition).
Google says its billing "confirms" their developers are "real" people. I think this is rather EASILY fooled (just due to the nature of things, its amazing sometimes to watch how a sneaky idea, and misdirection can bypass the most intense security). Google says users explicitly "agree" to allow access to certain areas and functions of their phone. Apple recently added a location indicator to show that any application on your iPhone has requested your location in the last hour. In Settings they give an easy way to identify each location aware app, and if it has requested said information. I remember thinking, "Oh, that's odd for them to add", before realizing how much of an ongoing issue this type of data scraping was becoming. For instance... if you allow your "ringtone" app to access your location, how do you know what they're using it for? After you agree, how do you know whether they abuse this permission on a regular basis?
We're headed to an interesting place in the mobile sector, and given the article above, I'm deeply concerned about Google's methods here. Hitting end-users with technical permission requests (my mother has no idea what "authentication" means) and having only automated FILTERS for protecting users from newly released malware (and developers from comment spam), seems absolutely insane.
Apple is far from innocent here, but appears to be taking proactive measures to react to these new threat vectors (because its in a position of control). Google's biggest challenges seem to rest on its ENTIRE MODEL of an "open" software store for mobile devices. There's not much to "fix", it really needs to be entirely reconsidered.
Android Market seems to FILTER out a lot of "crap", but when returning searches, astroturf can rise very easily to the top. The podcaster that runs the iPhone podcast "Today in iPhone" took up the cause for publicizing the practice of "paid reviews" in the App Store. These type of issues are disturbing for new buyers, but seem to pale in comparison to Google's challenges.
Two of the biggest assets of ANY store, is its ability to protect its customers and the perception of quality in its offerings. On the second item, both Google and Microsoft have been trying to persuade popular Apple App Store developers to port titles to their respective platforms. On the first however, Google has some MAJOR challenges ahead. They're geniuses, but I'm thinking that there is a limit of problems that even genius cannot overcome.
~ CB
Only by having an open system can you hook a kite to the antenna in a thunderstorm and be able to talk directly with Lord Xenu on Planet Teegeeack and not have to buy an auditing device and go through Tom Cruise. It's much cheaper, trust me.
How do we know the apps we download for OS X (or Windows) do not have an unpatched backdoors that are concealed? Well, the answer is that we do not know. Does this lack of knowledge prevent us from installing applications? No, it does not.
So what to do? First look at the source, second look for user reviews, and third, when in doubt, do not give it access to critical information.
Also, the policing of the App store has gone way past looking for malware, its also used to keeps profits flowing to Apple and ATT (e.g. Google Voice and NetShare). Apple is abusing their gatekeeper status.
Your statement pretty much summarizes the fundamental difference between Android and Apple ecosystems. In one - you get a choice in everything.. app stores.. content providers.. email clients.. music players.. ways to get your content on your phone.. While in the other.. "one is good enough". And it better be good enough since you're physically restricted from exercising any alternatives (unless you jailbreak).
Personally, I like that silly notion of being able to choose how to use my phone and what apps to run on it.. rather than having a giant corporation with a megalomaniacal CEO deciding for me... But that's just me!
I for one appreciate not have to worry about this nonsense.
I like that the closed apple ecosystem provides for a consistently much higher level of application from the ground up.
Right out of the box you know the average app will be better.
As more malicious apps show up in the unprotected ecosystems, you will be faced with even more and more applications and malicious users to take their turn. Some will be disguised very well inside of full functioning and useful programs.
I don't need that kind of "freedom" in my life. Freedom for others to annoy me. I have more important things to worry about. So I hope all the android users enjoy their open experience.
I like that the closed apple ecosystem provides for a consistently much higher level of application from the ground up.
Right out of the box you know the average app will be better.
As more malicious apps show up in the unprotected ecosystems, you will be faced with even more and more applications and malicious users to take their turn. Some will be disguised very well inside of full functioning and useful programs.
I don't need that kind of "freedom" in my life. Freedom for others to annoy me. I have more important things to worry about. So I hope all the android users enjoy their open experience.
Macs should NEVER be allowed in the Enterprise.
By that logic, neither should the Mac. Mac is just as open as Android. Even more so, there's not even a Mac store or any way to yank Mac apps that have been identified as malware.
That's why I have thrown all of my computers away. Just too risky. If it can't be done on an iPad, I don't do it. I can't believe there are fools out there still using Macs, some with software Steve Jobs has never heard of installed on them. That's just reckless, that's what that is.
But fortunately SJ is looking out for us. He'll soon do away with Mac and OS X (as he already has at WWDC) and then we will be free from personal risk.
By that logic, neither should the Mac. Mac is just as open as Android. Even more so, there's not even a Mac store or any way to yank Mac apps that have been identified as malware.
That's why I have thrown all of my computers away. Just too risky. If it can't be done on an iPad, I don't do it. I can't believe there are fools out there still using Macs, some with software Steve Jobs has never heard of installed on them. That's just reckless, that's what that is.
But fortunately SJ is looking out for us. He'll soon do away with Mac and OS X (as he already has at WWDC) and then we will be free from personal risk.
People also need to realize these mobile OS marketplaces are worlds different than traditional open computer marketplaces.
If you want to create a malicious program on a computer you have to piggyback it on something legitimate or come up with a program and then essentially market it to get people to download it. This takes time and resources and creates exposure.
BY popping up a program on an unprotected mobile OS marketplace, some people will just download and install and run your software without you having done anything beyond uploading it. So it is a magnitude easier to get malicious programs onto devices compared to doing it via desktops and laptops.
If you want to create a malicious program on a computer you have to piggyback it on something legitimate or come up with a program and then essentially market it to get people to download it. This takes time and resources and creates exposure.
BY popping up a program on an unprotected mobile OS marketplace, some people will just download and install and run your software without you having done anything beyond uploading it. So it is a magnitude easier to get malicious programs onto devices compared to doing it via desktops and laptops.
Android security and privacy issues are getting a lot of attention the past few days.
Googles mismanagement of the Android Market
http://nanocr.eu/2010/06/27/googles-mismanagement-of-the-android-market/
Report says be aware of what your Android app does
http://news.cnet.com/8301-27080_3-20008518-245.html
Is Google far too much in love with engineering?
http://news.cnet.com/8301-17852_3-20008253-71.html
Security researcher creates botnet for Android, tricks 300 users to download the app
http://blogs.forbes.com/firewall/20...letes-and-downplays-botnet-demo-android-apps/
Googles mismanagement of the Android Market
http://nanocr.eu/2010/06/27/googles-mismanagement-of-the-android-market/
Report says be aware of what your Android app does
http://news.cnet.com/8301-27080_3-20008518-245.html
Is Google far too much in love with engineering?
http://news.cnet.com/8301-17852_3-20008253-71.html
Security researcher creates botnet for Android, tricks 300 users to download the app
http://blogs.forbes.com/firewall/20...letes-and-downplays-botnet-demo-android-apps/