
Google finds that some are abusing its app store permissiveness

With a few scant exceptions like unauthorized tethering apps, Google has been rather permissive in what it allows on its Android Market -- its counter to the iTunes App Store. Whereas approval through Apple can be filled with months of rejections and delays for some unlucky developers, Google has tried harder to make the process of publishing an app as straightforward as possible.

Some malicious parties, though, have tried to take advantage of the company's permissive nature. On December 22, First Tech Credit Union wrote that a "fraudster developed a rogue Android Smartphone app" that spoofs users with a fake bank interface, trying to get users to fill in their account information. That day BayPort Credit Union's mobile bank provider, MShift, announced similar concerns, stating that it had contacted Google on December 15 about another rogue app.

It turns out that the developer -- 09Droid -- actually had a plethora of fake bank apps available on the Android Market, including apps posing as Chase, Sun Trust and Bank of America.  Google has at last removed those apps from the market, explaining that they clearly violate its terms of use.

Writes a Google spokesperson, "The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission. If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."

They add, "For example, we have a policy against inappropriate content, which includes malware. A developer must also abide by our Developer Distribution Agreement in order to upload an application to Android Market. We also may check applications for compliance with the Market Content Policies (in order to remove malware, porn, spam, or profanity)."

While the Android Market clearly has rules, it is an interesting question whether Google's permissiveness is the reason rogue apps like this have been able to slip through to a greater degree than on competitor Apple's store. Despite an enormous volume of apps, few, if any, rogue apps have made it to Apple's iTunes App Store thus far.

Regardless of the answer to that question, Mikko Hyppönen, chief research officer at F-Secure, says rogue applications are a sign of smart phone attack attempts to come. He also points out that smart phone manufacturer Symbian's app approval process has been subverted. He writes, "Some of them will try to target online banking, others will try to call premium-rate numbers or send text message spam and so [on]. Signing and certifying programs are in a key position on smartphone systems to prevent problems like this ... [although] we have seen the 'Signed by Symbian' certification process subverted a couple of times."




Dumb laws
By Visual on 1/13/2010 8:43:03 AM , Rating: 5
This is such an extreme case of an obvious fraud attempt that I'd say there should be enough grounds to prosecute this specific developer.
Are there no real laws that can apply in this case, besides Google's own TOS?
Simply removing the offending apps does not seem like a sufficient or adequate countermeasure to me.




RE: Dumb laws
By serkol on 1/13/10, Rating: -1
RE: Dumb laws
By Shadrack2 on 1/13/2010 9:45:10 AM , Rating: 5
Agreed, it's ridiculous that someone could clearly make an outright attempt to rob people and get less than a stern lecture.

"No Johnny, No. If you keep trying to destroy people's lives I'm going to give you a time out, I mean it this time."


RE: Dumb laws
By bhieb on 1/13/2010 9:55:28 AM , Rating: 2
What is really bad is that Google did not catch these obvious apps, until after they were in the hands of users. Too loose of a policy if you ask me.

Just like Google (and all business) though, they want to reap the biggest rewards with the least amount of effort.

To bring about real change. The person to go after IMO is Google for gross negligence. If the app developer TOS says no malware, then surely Google has to provide a reasonable level of security to its users that the TOS is being enforced in real time. Not like this where they let the bad apps sit there for a while before doing a "house" cleaning.

There needs to be some sort of pre-screen.


RE: Dumb laws
By reader1 on 1/13/10, Rating: -1
RE: Dumb laws
By bhieb on 1/13/2010 10:43:21 AM , Rating: 2
quote:
The current era of computers is the Wild West: it's lawless and unsustainable.


Good analogy, but arguably it must be to allow for the wild rapid expansion that has existed. So it is not all bad.

In a way the PC/Internet is already becoming "closed" via 3rd party apps such as AV/spam filters. They essentially pre-screen content.


RE: Dumb laws
By d3872 on 1/13/2010 11:09:56 AM , Rating: 2
quote:
There needs to be some sort of pre-screen.


Sigh.

I've developed an app that I call the "Happy Happy Joy Joy" App! It plays the Happy Happy Joy Joy song whenever one of your friends calls. What a fun, silly, harmless little app. Also, on March 14, 2010 it changes its name to "Bank of America Online Access", presents a different user interface and starts collecting account numbers.


RE: Dumb laws
By Visual on 1/13/2010 11:46:36 AM , Rating: 4
I don't agree. Google do not have to pre-screen for such apps, or even do not have to remove them when they have been reported by users. It's cool if they do that, but I would not be mad at them if they didn't.

Much like when you find such an app on a torrent or ftp server or similar, it isn't the host that you should go after. The original developer is the one that is committing fraud, and actions should be taken against them only. The host can and should help in this by providing information to help reveal their identity, but should not be blamed for hosting the offending content.

I like the idea of having free hosting of apps in general, in more meanings than just price-wise. I do not want censure.


RE: Dumb laws
By bhieb on 1/13/2010 2:00:30 PM , Rating: 2
quote:
Much like when you find such an app on a torrent or ftp server or similar, it isn't the host that you should go after.

Your analogy is flawed. Problem is this is not some random app I installed off some random torrent/site. This is Google's App store, and you have to have their permission to develop for it (however lacking the process is). Therefore they share some of the responsibility for the quality that store offers.

The users did not go to some random site, they went to a Google sponsored site. If I go to an MS/Apple/Google or whatever "store" and the product they sold was malicious, they absolutely share in the blame.

They are not the main cause, but their policy certainly is. I mean it is Google for Pete's sake, they should know better than anyone what kind of crap will get put on their site if they have a post-review process. Hell, try to publish an open forum and see how long it takes to get completely overrun by malicious posts.

Bots don't give a rat's ass about TOS's, you HAVE to pre-screen or your site will not be trusted. Otherwise Google has taken an "if no one complains, do what you want" stance. Not an acceptable model for any kind of e-store, free or paid.


Copyright 2014 DailyTech LLC.