The saga of the app store began a few years ago, in 2008, for Apple with the initial 500 applications in it, and then for Google. The service has since evolved and has faced a lot of security issues that people seem to have forgotten.
Dave Kleidermacher, Google VP and Head of Security for Google Play, told TechCrunch: ‘the chance of installing a malicious app is now 0.00006 percent (and Google sees about 8 billion installs per month across the world)’ and ‘10x more likely to install a harmful app from a non-Play source than Google’s official store.’
Indeed, the biggest threat to the store remains the malicious software a user can install on their smartphone. Having too many malicious apps could even push users to stop using their phones, since it makes the user experience terrible, and that would be counter-productive for everyone. And trust me, just as you do not want a stranger to violate your private life, you do not want this software to be able to access all your data either.
A store is a security…
Google offers developers and phone providers an OS that they want to keep safe but that is constantly threatened by malware.
Since 2012, Google has been developing solutions against malware in the store. It began with Google Bouncer, an integrated antivirus, which was then rebranded as Google Play Protect and followed by two-factor authentication. Later, Google went even further with ‘peer grouping’, which analyses similar apps to get alerts on the level of requests made to access user data.
Just to give you an idea of what malware can access on your device, it can access:
- Body sensors
- Phone, SMS
- Google accounts
As you can see, if malware gets this data, your experience on your smartphone can easily become the worst on earth.
Malware is not a myth… You need policy.
Every day, a lot of users install apps from stores or websites, and security is key. You probably know about fleeceware: such apps exist and already charge people hundreds of dollars to scan a QR code.
I just want to quote Rik Ferguson, who expressed his opinion after Android was hit by rogue app malware that made Android develop the well-known ‘remote kill’ for apps:
« This greater openness of the developer environment has been argued to foster an atmosphere of creativity, » he wrote, « but as Facebook have already discovered it is also a very attractive criminal playground. »
Or even Manousos, CEO of RiskIQ:
« Malicious apps are an effective way to infect users since they often exploit the trust victims have in well-known brands and companies they do business with like banks, insurance companies, healthcare providers and merchants. Our unique visibility directly into App Stores allows us to shine a light on this problem and prevent attackers from impersonating brands to exploit their customers. »
Numbers show stores are more trustworthy thanks to their constant work and policies, which imply fees…
If RiskIQ claimed in 2013 that less than 12.7% of apps were malware, this is not because malicious app publishers gave up on fraud but because of the improvements to the store. Every day, Google works on its app policy and on how to make this market a safe place. This requires people to develop trustworthy technology and make the store a safe place where users are not afraid to install apps.
I am for alternatives to the store duopoly, but not at any price. This needs to be done by the rules of the art, as the internet is a space with a lot of black hats waiting to get your PII. Competition enhances creativity, and I am so happy to see Samsung, Amazon and Huawei develop their own. But this needs to be regulated, as the preloaded apps market needs to be, because even if you buy a cheap device you do not want to be spammed.
Android P is a perfect example of the hard work done by Google to keep it safe. This includes TLS, no apps in the background accessing your microphone, lockdown mode, a DNS resolver, biometric identification and many other features to make phones a safe place. This work deserves a salary. Later, Google went even further with a security key feature that can add an extra security layer.
Website stores are the least safe in the world…
Below is the list of websites where you can find APKs, also known to be the least safe according to RiskIQ:
- Feral apps
My thoughts:
- If you want mobile marketing to continue, mobile needs to stay a safe space so that people continue to use their devices, and so we need SAFE stores.
- 30% fees justify the service you get from the store: automated updates + quality control to avoid malware.
- Website APK stores need to be regulated to be sustainable.
- Stores are a need, but we need more than several to make those places improve. But this market is at the moment shared by a duopoly + the smartphone technology owners. Whether the policy will be as good in each store is an interesting question.