Android's Uncurated App Marketplace Draws Criticism, Google Activates 'Kill Switch' on Two Apps
Given the amount of criticism that Apple has received for their curated App Store, it should be interesting to see that Google's unmoderated solution for Android is not without its own criticisms. CNet reported on the high potential for abuse in the Android marketplace:
About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.
While most of these apps are not malicious, spyware is said to be a growing problem. Google denies it being a real issue, however, and points out that users must explicitly allow applications to get access to the data. While true, Jon Johansen disputes the practicality of these checks and also believes that Google's lack of curation is hurting their marketplace:
Google does far too little curation of the Android Market, and it shows. Unlike Apple's App Store, the Android Market has few high quality apps.
Below are just a few examples of what's wrong with the Android Market. Those 144 spam ringtone apps (which are clearly infringing copyright) are currently cluttering the top ranks of the Multimedia category. I was not surprised to find that they were being monetized through Google Ads.
Meanwhile, this past week, Google remotely disabled two apps from all Android phones. This so-called "Kill Switch" received a lot of publicity when it was revealed that Apple had the same functionality for the App Store. So far, Apple has not been known to have triggered it. According to Google, the remotely disabled apps were not malicious, but misrepresented themselves in order to encourage downloads:
Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data -- or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
The removed apps were said to be a theoretical demonstration of how to create a "botnet" of hijacked phones.
By cloaking an application capable of "fetching" new exploit code at will in a fake application offering preview pictures of the upcoming "Twilight Eclipse" film, he tricked more than 300 users into downloading the software. The lesson: a less friendly developer could have used that bait and switch to plant malware on users' devices.