
Google finds that some are abusing its app store's permissiveness

With a few scant exceptions like unauthorized tethering apps, Google has been rather permissive in what it allows on its Android Market -- its counter to the iTunes App Store. Whereas approval through Apple can be filled with months of rejections and delays for some unlucky developers, Google has tried harder to make the process of publishing an app as straightforward as possible.

Some malicious parties, though, have tried to take advantage of the company's permissive nature. On December 22, First Tech Credit Union wrote that a "fraudster developed a rogue Android Smartphone app" that spoofs users with a fake bank interface, trying to get users to fill in their account information. That day BayPort Credit Union's mobile bank provider, MShift, announced similar concerns, stating that it had contacted Google on December 15 about another rogue app.

It turns out that the developer -- 09Droid -- actually had a plethora of fake bank apps available on the Android Market, including apps posing as Chase, SunTrust and Bank of America. Google has at last removed those apps from the market, explaining that they clearly violate its terms of use.

Writes a Google spokesperson, "The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission. If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."

They add, "For example, we have a policy against inappropriate content, which includes malware. A developer must also abide by our Developer Distribution Agreement in order to upload an application to Android Market. We also may check applications for compliance with the Market Content Policies (in order to remove malware, porn, spam, or profanity)."

While the Android Market clearly has rules, it is an interesting question whether Google's permissiveness is the reason rogue apps like this have been able to slip through to a greater degree than at competitor Apple. Despite an enormous volume of apps, few, if any, rogue apps have made it to Apple's iTunes App Store thus far.

Regardless of the answer to that question, Mikko Hyppönen, chief research officer at F-Secure, says rogue applications are a sign of smartphone attack attempts to come. He also points out that smartphone manufacturer Symbian's app approval process has been subverted. He writes, "Some of them will try to target online banking, others will try to call premium-rate numbers or send text message spam and so [on]. Signing and certifying programs are in a key position on smartphone systems to prevent problems like this ... [although] we have seen the 'Signed by Symbian' certification process subverted a couple of times."




Dumb laws
By Visual on 1/13/2010 8:43:03 AM , Rating: 5
This is such an extreme case of obvious fraud attempt that I'd say there should be enough grounds to prosecute this specific developer.
Are there no real laws that can apply in this case, besides Google's own TOS?
Simply removing the offending apps does not seem like a sufficient or adequate countermeasure to me.




RE: Dumb laws
By serkol on 1/13/10, Rating: -1
RE: Dumb laws
By Shadrack2 on 1/13/2010 9:45:10 AM , Rating: 5
Agreed, it's ridiculous that someone could clearly make an outright attempt to rob people and get less than a stern lecture.

"No Johnny, No. If you keep trying to destroy people's lives I'm going to give you a time out, I mean it this time."


RE: Dumb laws
By bhieb on 1/13/2010 9:55:28 AM , Rating: 2
What is really bad is that Google did not catch these obvious apps, until after they were in the hands of users. Too loose of a policy if you ask me.

Just like Google (and all business) though, they want to reap the biggest rewards with the least amount of effort.

To bring about real change, the person to go after IMO is Google for gross negligence. If the app developer TOS says no malware, then surely Google has to provide a reasonable level of security to its users that the TOS is being enforced in real time. Not like this where they let the bad apps sit there for a while before doing a "house" cleaning.

There needs to be some sort of pre-screen.


RE: Dumb laws
By reader1 on 1/13/10, Rating: -1
RE: Dumb laws
By bhieb on 1/13/2010 10:43:21 AM , Rating: 2
quote:
The current era of computers is the Wild West: it's lawless and unsustainable.


Good analogy, but arguably it must be to allow for the wild rapid expansion that has existed. So it is not all bad.

In a way the PC/Internet is already becoming "closed" via 3rd party apps such as AV/spam filters. They essentially pre-screen content.


RE: Dumb laws
By d3872 on 1/13/2010 11:09:56 AM , Rating: 2
quote:
There needs to be some sort of pre-screen.


Sigh.

I've developed an app that I call the "Happy Happy Joy Joy" App! It plays the Happy Happy Joy Joy song whenever one of your friends calls. What a fun, silly, harmless little app. Also, on March 14, 2010 it changes its name to "Bank of America Online Access", presents a different user interface and starts collecting account numbers.


RE: Dumb laws
By Visual on 1/13/2010 11:46:36 AM , Rating: 4
I don't agree. Google do not have to pre-screen for such apps, or even do not have to remove them when they have been reported by users. It's cool if they do that, but I would not be mad at them if they didn't.

Much like when you find such an app on a torrent or ftp server or similar, it isn't the host that you should go after. The original developer is the one that is committing fraud, and actions should be taken against them only. The host can and should help in this by providing information to help reveal their identity, but should not be blamed for hosting the offending content.

I like the idea of having free hosting of apps in general, in more meanings than just price-wise. I do not want censure.


RE: Dumb laws
By bhieb on 1/13/2010 2:00:30 PM , Rating: 2
quote:
Much like when you find such an app on a torrent or ftp server or similar, it isn't the host that you should go after.

Your analogy is flawed. Problem is this is not some random app I installed off some random torrent/site. This is Google's App store, and you have to have their permission to develop for it (however lacking the process is). Therefore they share some of the responsibility for the quality that store offers.

The users did not go to some random site, they went to a Google sponsored site. If I go to an MS/Apple/Google or whatever "store" and the product they sold was malicious, they absolutely share in the blame.

They are not the main cause, but their policy certainly is. I mean it is Google for Pete's sake, they should know better than anyone what kind of crap will get put on their site if they have a post-review process. Hell try to publish an open forum and see how long it takes to get completely overrun by malicious posts.

Bots don't give a rat's ass about TOS's, you HAVE to pre-screen or your site will not be trusted. Otherwise Google has taken an "if no one complains, do what you want" stance. Not an acceptable model for any kind of e-store, free or paid.


No
By Abrahmm on 1/13/2010 3:07:28 PM , Rating: 2
Google most definitely does not need to pre-screen apps before publishing them. People need to use a little common sense, and not download a banking app from a no name developer.

The openness of Google's system is what makes it so much better than the iPhone and other competing devices. Closed systems are the wrong direction that technology needs to proceed in.




Bank apps?
By xmichaelx on 1/13/2010 3:47:10 PM , Rating: 2
Frankly, you'd have to be an idiot to buy or use these apps. People must be buying these to help them finance a Nigerian prince in need.




Wake up Google!
By drycrust3 on 1/13/2010 1:12:55 PM , Rating: 1
quote:
Google has at last removed those apps from the market


My experience with experimenting with many different Linux distributions, and regularly using Ubuntu, is that they use a central repository system, where all the officially approved software can be downloaded from. My guess is Android also uses such a system, and that they had not only made this malware available for downloading in their central repository without testing it, but then when security concerns arose they didn't immediately respond to such concerns.
I did download Android and tried it on my PC, but was very unimpressed by it. If this was an amateur's first attempt, then I would be impressed; but it isn't. I can't remember the exact problem that caused me to bin it, but it was something really obvious like not being able to turn off your PC. Sorry, but using the "power button" isn't considered good practice on a PC. Now this!
Like it or not, the impression given by such a slow response is that Linux distributions aren't security conscious, which is untrue. The writer of this article hasn't suggested the malware got into other central repositories, so my guess is ALL the other distributions REFUSED to accept such applications because they tested them first.




App Store > Android Market
By reader1 on 1/13/10, Rating: -1
RE: App Store > Android Market
By reader1 on 1/13/10, Rating: -1
By damianrobertjones on 1/13/2010 9:41:52 AM , Rating: 2
But... most people I know have jailbroken their iPhones. Lock something down, people will break into it.


RE: App Store > Android Market
By djc208 on 1/13/2010 9:54:56 AM , Rating: 2
quote:
Android has no chance against the iPhone because it's not a closed platform. Closed platforms are more secure, have less piracy and make a lot more money for developers.


Sure, that's why Mac is more popular than PCs, and why Apple changed to Intel vs PowerPC. And we've all read how much more secure OS X is than Windows or Linux.

Google and Android have some growing to do for certain. And as with any system, the more freedom the greater the dangers and risks. But time and again open systems have evolved to be more popular and usually better than closed versions.

Besides, it's only a matter of time before this starts to affect Apple too. If reduced or free Android apps prove good enough to draw users to Android then how long before developers either need to move to stay with the market, or have to reduce or eliminate prices to compete against Android counterparts?

We've already heard of blocked apps that Apple or AT&T have killed because they don't want the competition or strain on their systems. These are the types of apps that will start to win Android market share.


RE: App Store > Android Market
By reader1 on 1/13/10, Rating: -1
RE: App Store > Android Market
By djc208 on 1/13/2010 4:55:06 PM , Rating: 2
Consoles are cheaper than PCs by a fair margin, hence the sales discrepancy. But the comparison is apples and oranges. I could say that productivity software sales on the game consoles is nothing compared to PCs as proof against game consoles.

A fair comparison would be amount of software & freeware downloaded or purchased per PC vs the number of games sold per game console. I'd imagine the PC would win that comparison since it is capable of far more than a game console.

There's no doubt the app store is impressive and Apple could maintain its hold on that market, but only if they get off of AT&T. Otherwise the sheer volume of things running Android could force developers to go there if they want to be a part of the market.


By Shining Arcanine on 1/13/2010 3:40:09 PM , Rating: 2
Macintosh computers are PCs. :/


Copyright 2014 DailyTech LLC.