backtop


Print 19 comment(s) - last by djc208.. on Jan 13 at 4:55 PM

Google finds that some are abusive of its app store permissiveness

With a few scant exceptions like unauthorized tethering apps, Google has been rather permissive in what it allows on its Android Market -- its counter to the iTunes App Store.  Whereas approval through Apple can be filled with months of rejections and delays for some unlucky developers, Google has tried harder to make the process of publishing an app as straight forward as possible.

Some malicious parties, though, have tried to take advantage of the company's permissive nature.  On December 22, First Tech Credit Union wrote that a "fraudster developed a rogue Android Smartphone app" that spoofs users with a fake bank interface, trying to get users to fill in their account information.  That day BayPort Credit Union's mobile bank provider, MShift, announced similar concerns, stating that it had contacted Google on the December 15 about another rogue app.

It turns out that the developer -- 09Droid -- actually had a plethora of fake bank apps available on the Android Market, including apps posing as Chase, Sun Trust and Bank of America.  Google has at last removed those apps from the market, explaining that they clearly violate its terms of use.

Writes a Google spokesperson, "The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission. If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."

They add, "For example, we have a policy against inappropriate content, which includes malware. A developer must also abide by our Developer Distribution Agreement in order to upload an application to Android Market. We also may check applications for compliance with the Market Content Policies (in order to remove malware, porn, spam, or profanity)."

While the Android Market clearly has rules, it is an interesting question whether Google's permissiveness is the reason rogue apps like this have been able to slip through to a greater degree than competitor Apple.  Despite an enormous volume of apps, few, if any, rogue apps have made it to Apple's iTunes App store thus far.

Regardless of the answer to that question, Mikko Hyppönen, chief research officer at F-Secure, says rogue applications are a sign of smart phone attack attempts to come.  He also points out that smart phone manufacturer Symbian's app approval process has also been subverted.  He writes, "Some of them will try to target online banking, others will try to call premium-rate numbers or send text message spam and so [on]. Signing and certifying programs are in a key position on smartphone systems to prevent problems like this ... [although] we have seen the 'Signed by Symbian' certification process subverted a couple of times."



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Dumb laws
By Visual on 1/13/2010 11:46:36 AM , Rating: 4
I don't agree. Google do not have to pre-screen for such apps, or even do not have to remove them when they have been reported by users. It's cool if they do that, but I would not be mad at them if they didn't.

Much like when you find such an app on a torrent or ftp server or similar, it isn't the host that you should go after. The original developer is the one that is committing fraud, and actions should be taken against them only. The host can and should help in this by providing information to help reveal their identity, but should not be blamed for hosting the offending content.

I like the idea of having free hosting of apps in general, in more meanings than just price-wise. I do not want censure.


RE: Dumb laws
By bhieb on 1/13/2010 2:00:30 PM , Rating: 2
quote:
Much like when you find such an app on a torrent or ftp server or similar, it isn't the host that you should go after.

Your analogy is flawed. Problem is this is not some random app I installed of some random torrent/site. This is Google's App store, and you have to have their permission to develop for it (however lacking the process is). Therefore they share some of the responsibility for the quality that store offers.

The users did not go to some random site, they when to a Google sponsored site. If I go to and MS/Apple/Google or whatever "store" and the product they sold was malicious, they absolutely share in the blame.

They are not the main cause, but their policy certainly is. I mean it is Google for Pete's sake, they should know better than anyone what kind of crap will get put on their site if they have a post-review process. Hell try to publish an open forum and see how long it takes to get completely overran but malicious posts.

Bots don't give a rats ass about TOS's, you HAVE to pre-screen or your site will not be trusted. Otherwise Google has taken a if no one complains do what you want stance. Not an acceptable model for any kind of e-store, free or paid.


"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki