It’s Time for Google to Rethink the Android Market

By  |  Friday, March 4, 2011 at 8:38 am

Does Android have a malware problem? After news earlier this week about Google removing 21 apps from the Android market earlier this week due to the discovery of a Trojan horse, it ‘s now being reported that as many as 50 or more apps in total have now gotten the axe.

While Android malware is nothing new, this apparently marks the first time that the problem has occurred on a larger scale. At least three different developers (if you want to call them that, since they were all basically malware pushers), have now used the same Trojan. There could be more.

The way that Google has decided to do business is directly responsible for this problem. On Android Market, all you need to be is an approved developer and the doors are open to list anything you want. Sure, Google can exert some control, but only after the fact.

Android as a platform is making massive gains in market share: thus, the potential for a malicious app to create real havoc is getting larger by the minute. This is why it may be time for Google to rethink the Android Market itself.

Making some changes in the process would not be admitting failure or capitulating either. While many scoff at Apple’s top-down approach of dealing with developers, it has prevented (for the most part) seedy apps from making it into the App Store.

Why can’t Google start guarding the doors as well? It’s time to do so. If Google decides to do nothing, these stories of malware in the Android Market will become more frequent. Sooner or later consumers will begin to view the platform as insecure.

And as Microsoft has found out, that’s a hard impression to reverse.

 
12 Comments


Read more: , , ,

12 Comments For This Post

  1. Fred Says:

    Make the Market exactly like the app store? What a great idea. Everything should be exactly like Apple all the time. I hate choices.

  2. Ed Oswald Says:

    Completely missed the point.

  3. Fred Says:

    Then explain yourself better. Are you not proposing that Google adopt “Apple’s top-down approach of dealing with developers”?

  4. Ed Oswald Says:

    Please enlighten me as to what Google could do otherwise. Malware is a problem.

  5. kailsabin99 Says:

    This. Totally agree. People are already telling me they don't trust Android phones and are happy Apple watches the App Store like they do.

    Apple is appealing to the average joe who doesn't want to have to browse the net to find out what a good app is or if it's safe. If it's in the store and it's got a good rating I'll download it and try it out. You shouldn't have to trust a developer to not be a malware pusher. Your average user isn't a security researcher. Don't expect them to not crap like crazyscreensavor.scr and ultmatesearch toolbar for IE6 when it's offered to them. Do the research for them and save them from this crapware and they'll love you for it.

  6. Chris Gorski Says:

    I very much doubt that, in the long run, consumers are going to accept antivirus software as something they need on their phones, much as they have on their PC's. This is clearly a weak link for Android. Phones and other appliance-like devices don't need to be "open" in the way that a PC (particularly one running Linux) is "open". They need to Just Work.

  7. Paul Says:

    It isn't that they can't, but Google faces two problems that I can think of by doing this:

    1) It draws criticism over the fact that they are "open" – restricting entry into their store can be seen as hypocrisy or a move toward Apple. (of course Apple had it restricted from day one). Point is Google's business model is based on the perception of being open.
    2) It's really tough to close the barn doors to stop the horses from escaping after a couple of years of being left open. It's the idea of taking something away from people who already had something.

  8. Andrew Brandt Says:

    As an admittedly reluctant Android adopter, who researches malicious software (including malware on Android) for a living, I think the author does have a point, but moving in the direction of an Apple-like App Store under tight centralized control isn’t the answer.

    Both the Market and Android (as an OS) fail to give users the kind of information, or the level of detail, about the capabilities an Android app really has. I closely scrutinize the warnings before I install an application — even clicking through to read all of the capabilities reported in the installation dialog — but still am left wanting more details. Why does any given (not network enabled) app need Internet access? Why would any app that has no stated functionality involving the address book need permission to access the address book? These two questions just scratch the surface, and you don’t need a tinfoil hat to worry about the future of the platform.

    As long as Android lacks the ability to deny applications access to certain features on an app-by-app basis, and until Android by default gives apps only limited access to certain functions or operations within the phone, this will continue to be a problem, because you can’t force the humans operating the phones to understand the risks they face installing an arbitrary app, or take security seriously when presented with a pretty, shiny flashing thing.

  9. darkmonday Says:

    Google is responding to this problem and in sure they will put some safe guards in place. People over simplify things too much as if google could just press a button and end world hunger. people will always find ways to put trojans and viruses on popular things like facebook, windows and whatever. Android is developing at a unbelievable pace and im sure they can come up with something to protect their users more.

  10. Ted Wise Says:

    Wow. Just wow.

    Everyone in Androidville rips Apple for rejecting applications and turning the App Store into Disneyland. They scream about lack of choice and Apple's control-freak mentality. Then malware starts turning up in the Android Market and everyone is shocked.

    You want Google to start scanning apps for viruses like on PCs? Just like on the PC that only works after someone identifies the virus the first time. And once Google announces they're scanning, they become _responsible_ for viruses that make it into the store. No one blamed Google when the trojans were discovered, but they sure will if Google starts scanning.

    Someone else wants even more information about what rights an application has when you install it. Holy crap. No one reads that stuff now. Only the techies will understand and they're likely not installing random trojan-laden software anyhow.

    This is what you get folks, you need to learn to accept it. If you like the idea of someone pawing through your apps, arbitrarily banning them for using too much battery life, crashing on startup or including malware get an iDevice. But if you want openness you have to accept the old PC-mentality of badly behaving software, virus scans and the wild west of the Android market.

  11. Ed Oswald Says:

    Ted –
    I generally agree with your overall premise. People need to understand that it is the way that the Android Market is set up which is a DIRECT contributor to this problem. I highly doubt we’ve seen the last of it either… this is probably even more widespread.

    Openness does not preclude safety measures. They can take some preventative steps and tighten Android and the Android Market up. Otherwise, it becomes just like Windows did over a decade ago… exploit after exploit, with Google playing catchup the whole time.

  12. videomaker114 Says:

    WOw this is an excellent view. i really like the blog post which you have made. i was in Cruise agency with them, but
    i really like the way they have predicated every thing. Thanks