Android's Uncurated App Marketplace Draws Criticism, Google Activates 'Kill Switch' on Two Apps
About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.
While most of these apps are not malicious, spyware is said to be a growing problem. Google denies that it is a real issue, however, and points out that users must explicitly allow applications to get access to the data. While that is true, Jon Johansen disputes the practicality of these checks and also believes that Google's lack of curation is hurting their marketplace:
Google does far too little curation of the Android Market, and it shows. Unlike Apple's App Store, the Android Market has few high quality apps.
...
Below are just a few examples of what's wrong with the Android Market. Those 144 spam ringtone apps (which are clearly infringing copyright) are currently cluttering the top ranks of the Multimedia category. I was not surprised to find that they were being monetized through Google Ads.
Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data -- or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
The removed apps were said to be a theoretical demonstration of how to create a "botnet" of hijacked phones.
By cloaking an application capable of "fetching" new exploit code at will in a fake application offering preview pictures of the upcoming "Twilight Eclipse" film, he tricked more than 300 users into downloading the software. The lesson: a less friendly developer could have used that bait and switch to plant malware on users' devices.
Top Rated Comments
Having a more free ecosystem means users will have to exercise more responsibility in what they add to their devices. I'd gladly take this over the Apple model.
With freedom comes responsibility.
Having a more free ecosystem means users will have to exercise more reasonability in what they add to their devices. I'd gladly take this over the Apple model.
No, it means that the android market is a god damned minefield. Android apologists....
Who the heck is Jon Johansen? "Few high quality apps"? Give me a break.
There's this thing called Google...but you may have not heard of that either since you seem to be living under a rock. :D
With freedom comes responsibility.
Having a more free ecosystem means users will have to exercise more reasonability in what they add to their devices. I'd gladly take this over the Apple model.
How does a user know if the application isn't malware? There's nothing in place to protect the users. There's no "exercising" responsibility or "reasonability" if the information isn't forthcoming. People's reviews and/or comments do nothing to prevent the fact that most people do not test against information leaks, so this isn't a compromise either for a community based marketplace.
The fact that Google took action AFTER somebody ran a test is really unacceptable. Why didn't Google test in the first place? They can continue the same practice they have right now but they still need to review the apps to make sure the users are not compromising their privacy or risking security issues. They don't need to block all incoming applications, they should just review the applications while they are on the market and remove them if anything is found and ban the developers from the market for breaking the ToS.
http://blogs.forbes.com/firewall/2010/06/25/google-flips-kill-switch-deletes-and-downplays-botnet-demo-android-apps/
Security researcher creates botnet for Android, tricks 300 users to download the app
if Oberheide hadn't presented his research at the SummerCon hacker conference there's no reason to believe that Google would have been aware of the existence of this rogue app in the first place.
Android should NEVER be allowed in the Enterprise.