Google Lackadaisical Over App Security

Do Not Overreach

Google needs to do a lot more to protect its users. The internet is a wild and wooly place, and Google knows better1 than to trust every developer is honest.

A major software attack on mobile phones has put pressure on Google Inc. to do more to secure its online store for smartphone applications.

The company behind the now ubiquitous Android operating system came under fire after computer-security experts last week uncovered more than 50 malicious applications that were uploaded to and distributed from Google’s Android Market.

Some security experts said the incident shows Google, which doesn’t inspect Android apps before they are published, needs to do more to try to ensure the apps are safe before they are offered to smartphone users.

Google largely relies on users to rate apps and raise the alarm about any problems with them. It also requires consumers to give their consent for an app to access their personal data. But that approach isn’t enough, according to Chris Wysopal, chief technology officer of computer-security firm Veracode. “App stores need to get serious about vetting code before it is available for customer download,” Mr. Wysopal wrote on his blog.

Google has said 58 malicious apps were uploaded to Android Market and then downloaded to around 260,000 devices before Google removed the affected apps last Tuesday evening. It isn’t clear how many users activated the applications, a Google spokesman said.

(click here to continue reading Google Takes Heat Over App Security – WSJ.com.)

Google doesn’t like to invest money in these sorts of human dimensions, preferring to let people self-help. Remember the Nexus phone debacle? No live tech support was even planned. Customers of Google are supposed to use web forums for all issues, including I guess spreading the word about malicious apps in the Android Market.

Cell phone-iphile

There are problems with the Apple App Store model2, but fearing that malicious apps will compromise users’ data is not one of them. I have zero fear that an iPhone app will give root access to my phone, for example.

Footnotes:
  1. or should know better []
  2. mostly based on how successful the Apple App Store is – takes a long time to get an app approved, or updated, because there are just so many damn apps! From my admittedly non-developer perspective, seems like Apple needs to hire more staff, but maybe they’ve gotten better []

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.