Welcome to Magazine Premium

You can change this text in the options panel in the admin

There are tons of ways to configure Magazine Premium... The possibilities are endless!

Member Login
Lost your password?

Does Google need to lock down the Google Play store?

April 9, 2014
By

Disturbing reports about fake Android apps are nothing new, but the latest one involves an app called Virus Shield. It sold for $3.99 and promised to improve the security of Android devices. Unfortunately, as Android Police discovered, it actually did nothing at all except to fleece users of their hard earned money. The app has since been pulled from the Google Play store, but the damage has already been done.

All of this has got me wondering if it’s time for Google to consider locking down the Google Play store.

The app description says that it “Prevents harmful apps from being installed on your device,” “scans apps, settings, files, and media in real time,” and “protects your personal information.” Oh, and it has a low impact on battery life, and has “No, ZERO pesky advertisements!”

There’s just one problem: it’s a complete and total scam. We don’t mean in the slightly skeevy way that some anti-virus and general security software overstates dangers and its own necessity. We mean it’s literally a fake security app: the only thing that it does is change from an “X” image to a “check” image after a single tap. That’s it. That’s all there is, there isn’t any more.

More at Android Police

Virus Shield Fake Android App

Is it time for Google to lock down the Google Play store to protect Android users?

Image credit: Android Police

A dangerous situation for Android users and for Google
I really feel for the victims of this scam, as well as others that have been perpetrated on the Google Play store. People work really hard for their money, day in and day out. Then they go to buy an app that they think will help protect them from the bad guys, and it turns out the app developer is one of the bad guys! That has to be extremely frustrating for all of the people that were hoodwinked by this bloodsucking criminal.

Scams like this are very dangerous for Google. Each time they happen they shake people’s faith and trust in the integrity of the Google Play store. Over time this could result in less people using the Google Play store to buy apps, and that’s not good for app developers or Google. It could result in significantly less revenue for everybody as sales start drying up due to fear of fraud and abuse.

The reviews of Virus Shield were quite positive. I have no doubt that many or all of them were fake, and were probably posted by the developer to lure people into buying the app. This is yet another issue that Google has to contend with or they run the risk of user reviews losing all credibility in the Google Play store. Why should anybody believe a user review if it’s so easy to fake them to make the app look good? Once user reviews are utterly discredited then it’s yet another nail in the coffin of the Google Play store’s credibility.

Some people might downplay the importance of this situation since the Virus Shield app cost $3.99 and they might not consider that to be a large amount of money. But multiply that by thousands and thousands of users and you end up with a significant amount of cash. Now multiply it by any number of different apps and you have a serious problem on your hands that could shake the foundations of Android as a platform if something isn’t done.

Mobile malware hidden in Android apps in the Google Play store
And fake apps aren’t the only problem with the Google Play store. PC World reports that the number of mobile apps infected with malware in the Google Play store quadrupled between 2011 and 2013.

In 2011, there were approximately 11,000 apps in Google’s mobile marketplace that contained malicious software capable of stealing people’s data and committing fraud, according to the results of a study published Wednesday by RiskIQ, an online security services company. By 2013, more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs, researchers said.

“The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data,” said RiskIQ CEO Elias Manousos, in announcing the findings.

More at PC World

So we’re not just talking about fake apps, we’re also talking about apps that are themselves infected with nasty stuff that can cause an Android user a number of different headaches and problems. According to the story Google seems overwhelmed by the influx of malware and the number of apps removed because of malware has declined from around 60% to less than 25%. Wow!

Android’s reputation is at stake with users
All of this has the potential to negatively affect the very perception of Android as a platform. Yes, I think it’s really that serious. Google is going head to head with Apple, Microsoft and others in the mobile marketplace. They cannot afford to have Android itself be thought of as a lawless platform, filled with all manner of fake apps designed to scam people out of money while providing nothing in return or apps that are infested with malware designed to steal user’s confidential data.

Android’s openness has always been part of its appeal, but isn’t it time for Google to start locking down the Google Play store? Yeah, open is great and I understand that. But what good is having an open platform if it’s corrupted and ruined by these kinds of apps? It seems to me that keeping it as open as it is has become more a negative than a positive. Where is Android going to be in five years if things keep going in this direction?

And the fact that Google seems unable to keep up with all of this is quite disturbing to me. Google makes billions of dollars every year so I’m not buying into the argument that they don’t have the resources to deal with this problem. They surely do and if they don’t have the staff on hand right now then they better start hiring people left and right to start blocking malware-laden apps and fake apps from ever appearing in the Google Play store.

Is Google up to the task of protecting users in the Google Play store?
Google has made some recent changes designed to clean up the Google Play store, as reported by CITEworld. Some of this seems like steps in the right direction, but is it going to be enough to really make a difference? Somehow I doubt it, but I truly hope I’m wrong.

Google is giving Android developers 15 days to ensure they are in compliance with a new set of rules designed to combat spyware and other malicious code hiding in apps being offered in Google Play.

Here are the new (and reiterated) rules established by Google:

A new App Promotion policy prohibits deceptive ads on websites and apps, auto-downloads or text ads.
Developers must “clearly disclose when an advertised feature in your app’s description requires in-app payment.”
Browser modifications on behalf of third parties or advertisements are prohibited. All advertising “must be properly attributed to, or clearly presented in context with the app it came along with.”
All advertising behavior “must be properly attributed to, or clearly presented in context with the app it came along with.”
Apps cannot secretly track and spy on users. Apps that track device user behavior must feature a persistent notification and icon identifying its existence and purpose.
The company offered clearer language on its content policies, particularly regarding sexually explicit content, bullying and hate speech.

More at CITEworld

Part of me wonders if Google is really up for this fight. The company has languished in some kind of stupor for a long time while the bad app developers have run wild in the Google Play store. The latest efforts may cut down on some of it, but how long until the bad guys just get more clever about hiding their sleazy malware? And is anybody going to actually test apps to make sure they do what they say they do? The new policies don’t seem to address that particular problem in any comprehensive way, and it might leave a door open for apps like Virus Shield to continue fleecing users for their cash.

In order to stop the bad guys Google is going to have to act in an extremely aggressive and forthright manner on all fronts by providing resources, policies and tools to protect Google Play customers, and they are going to have to reexamine what “open” means and if it’s really worth it in the long run. The jury is still out on whether or not Google will do all of this. Meanwhile the fate of the Google Play store and perhaps even Android itself hangs in the balance.

What’s your take on this? Tell me in the comments below.


Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *



You can unsubscribe to follow-up comments or new posts via links in the email notification message.

7 Responses to Does Google need to lock down the Google Play store?

  1. Scott on April 10, 2014 at 3:19 pm

    Lock down mode would only hurt smart users in order to hand-hold a few idiots.

    It pays to consider how many times the app has been downloaded, read its negative reviews as well as its rave reviews, and look at its overall rating and the number of ratings it has received. Then, favor apps that have been downloaded more than others, favor apps more that have received the most informative reviews, favor apps more again that have received the highest ratings, and favor, even more, apps that have received the greatest number of ratings among those that have received the highest. But most of all, consider whether the app is even necessary and who is selling it.

    What I don’t understand is why people consider it realistic to expect that everything offered for sale, whether at Wal Mart or the Google Play store, is high quality and fit for its stated purpose. In this case, it’s as if Wal Mart were offering plastic tarps from Unscrupulous Incorporated for the purpose of keeping rain from falling on the roof of your house, and only after more than a thousand people gleefully buy it does it occur to anyone that maybe tarps to keep the rain off the roof are unnecessary and that maybe Unscrupulous Incorporated is just that, unscrupulous. Or the late night commercials offering those ridiculous kitchen gadgets from The Crap Company that show hapless cooks in black and white flailing around with a knife unable to cut an onion followed by happy users, in color, of the ridiculous kitchen gadget. “Just send $9.95 plus $4.95 shipping and handling. But wait, if you order two ridiculous kitchen gadgets, we’ll include this color-coordinated ridiculous kitchen gadget organizer for free. Just pay an additional $4.95 for shipping and handling.”

    Hello!

  2. Albin on April 10, 2014 at 12:28 pm

    Buy a scam at eBay using PayPal and PayPal’s fraud protection kicks in to cover you.

    The “problem” is that Google’s Checkout isn’t covering purchasers of this fraudulent app the same way. Full stop.

  3. Ron on April 10, 2014 at 7:50 am

    Couldn’t agree more. I love my Android phone. I like Google’s Play Store. But I have and do recommend the iPhone to some people I know who I don’t think can handle the “open” state of the overall Android experience.

    Malware and exploitive software will only serve to get me to push more people Apple’s way. I’m not going to knowingly send my family and friends down the Android path if I’m not convinced it won’t be a safe experience for them. Guess who they come back to when something goes wrong? I don’t want to deal with the problems and mess they get into.

    Google needs to solve the malware problem for the end user and the fragmentation problem for developers. If not, they will be hurt by it some day.

    • kirk on April 10, 2014 at 4:09 pm

      I’ve seen this scam app written about a few times in the past couple of days, and several comments about how this makes the iphone and apple a better alternative to “protect” people from $4.00 scam apps.

      My question is, it worse to have your friends and family spend hundreds of additional dollars on a device, to protect them from 4 dollar scams? Almost all paid apps are more expensive on the apple store, too. If looking out for our family and friends financial interests is our job, is apple actually the right choice?

      Google does check for malware code, and other nefarious code in apps. I guess they didn’t check to see if an app just displays an icon (because that isn’t any kind of dangerous code, just pointless really) and so it passes their check.

      And can iphone apps be decompiled, in the same way as android apps, to read their code (I know nothing about apple stuff)? How would anybody ever know if apps being bought on the apple store were doing anything or not?

      I recommend that my mom forever stay with her iphone, because even that is too difficult for her to use. But if I were to recommend something to save her money, it would definitely not be the iphone. The cost of buying a $4 dollar scam is much less costly in comparison (even the security apps that do scan other apps, are scams too, just more elaborate and superfluous scams).

      • kirk on April 10, 2014 at 4:44 pm

        I am guilty of not reading this particular article first, as it deals more with the malware element than this latest scam hitting all sites.

        But it begs me to question those statistics about what they are calling “stealing information”. If an app deals with text messages (or email, or twitter, ect), it has to read your data about the people in your contacts lists. It can’t work without reading that data.

        I am not saying the google play store is totally free of all malware. I am sure it is not. I don’t love google, and I don’t hate it either.

        But I have as little faith in the accuracy of “a study published Wednesday by RiskIQ, an online security services company. By 2013, more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs, researchers said.” Is it counting skype as spyware, for reading your contact lists and their phone numbers, and syncing it to MS’s servers (not trying to do bash MS here, just an example). It has to for the app to function.

        Or is this study meant to promote the services that this company sells? I trust that report as much as trust Google, or Apple, or MS to tell me the “truth, the whole truth, and nothing but the truth”. I don’t. I acknowledge that I do have some trust in those companies, and that trust can and will be often betrayed.

  4. Gerry on April 9, 2014 at 7:25 pm

    All this hand-wringing over Virus-Shield. What do all the other so called anti-virus apps effectively do? They really aren’t needed on Android. People are wasting their money if they buy any anti-virus on android. Google says they aren’t needed.

  5. Brian Masinick on April 9, 2014 at 4:27 pm

    I think that Google has been caught unprepared for this. Companies that have been established longer in the more “traditional” ways of doing things, including Apple and even Microsoft, may seem “slow” at times to act, but often it is because they are considering the long term consequences of the choices they make.

    I think it is good to be open and it is good to share, but in this day and age, it is also important to verify that the people you are partnering with are worthy of your partnership and the days of accepting whatever they do without first verifying and authenticating what they do, unfortunately, are long gone.

    When I take a new job, without fail, I am scrutinized and full background checks are performed. That is fair, and I think it is appropriate to do the same with software before making it widely available, whether it is free or not.

    This is not one of the “more fun” types of functions we have to perform, but criminals are forcing this, and as far back as 1995 Microsoft, who we love to criticize, put together some “what if” videos about what we would be able to do in the future with mobile and powerful systems. They showed how we’d be able to update software on our systems while we are out running errands (we do this all the time), but they also showed a less exciting – more like frightening – scenario in which criminals would have the same powerful technology to do harm rather than good. The one positive from that was that as new technologies were being developed, the message was to design in good security, both preventative and war raging tools to combat evil.

    We knew about it then, and we ought to know about it now. It is just as profitable to create advanced tools in hardware and software to combat crime. Obviously criminals make a lot of money committing the crimes; smart hardware and software companies can do the same for crime prevention, loss protection, and simply to do what is right and best. This is the age we are in, like it or not, and Microsoft, believe it or not, was quite visionary and accurate in assessing the way things would go. Their scenarios, thinking back to those 1995 movies, were amazingly accurate and right on. Google and all other technology companies ought to take crime and loss prevention extremely seriously, even as a core business. It can (and will), and in many cases, HAS affected nearly all large companies, as well as many of their customers. Time to invest in doing a better job; long past time, in fact. Much more needs to be done!



Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Ads and Amazon

Read about the kinds of ads I run, and the kinds I don't allow on this blog.

Thank You!

Thank you if you've whitelisted this site or made a purchase via the Amazon links, your support is very much appreciated.

Google+ Posts