Vulnerabilities / Threats
6/28/2010
07:07 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Android Market Under Fire

A prominent programmer's call for Google to improve its Android Market is echoed by Android users and developers.

When Apple gets criticized for its management its iTunes App Store, the issue tends to be that the company's rules are deemed to be too strict and too opaque.

When Google gets criticized for its management of the Android Market, it's just the opposite.

"Google does far too little curation of the Android Market, and it shows," declared programmer Jon Lech Johansen in a blog post on Sunday. "Unlike Apple's App Store, the Android Market has few high quality apps."

Johansen is best known for being one of three programmers who cracked the CSS algorithm that protected DVDs from being copied back in 1999. Having also reverse engineered Apple's FairPlay DRM technology, among other hacking feats, he recently co-founded a company called doubleTwist that makes music jukebox and synchronization software similar to iTunes.

These days, Johansen is urging Google to take steps to deal with the trademark and copyright infringement that he claims is widespread in Android Market applications.

Other prominent Google observers like John Battelle, program chair and co-moderator of the Web 2.0 Summit and author for The Search, echo Johansen's observations. "I've heard over and over that Android's user experience, when it comes to apps, is terrible, and it's a major reason why folks love Apple," he wrote in response to Johansen's post on Monday.

Google didn't immediately respond to a request for comment.

Google's Android Market forums include similar complaints. A developer of iPhone games posting under the name "tomsamson" -- a handle used by Ugur Ister of Stimunation -- writes that "coming from the very restrictive App Store environment," he's excited to give the Android platform a try. However, he tempers his expectations by noting that the Android Market appears to have a number of problems.

He complains about app prices appearing in different currencies in the same store, image display problems, a poor store search interface, the absence of an app category display mechanism to boost the visibility of certain app genres, a return policy that makes it too easy for users to return apps, and the ease with which Android apps can be copied without authorization. (Unauthorized copying affects iPhone developers too.)

Other people posting to Google's Android Market forum complain that Google doesn't do enough to moderate App feedback from users, which they say contains too much crude, useless, or offensive content.

One of the more popular threads on Google's Android Market forum is a call for parental controls to prevent minors from accessing explicit content through the Android Market. "I would love an Android-based phone but Google's lack of priorities in this area is forcing me to an iPhone also," writes one forum user. "I want [the] ability to filter out any content I don't like."

While third-party content filtering software is available for Android phones, many of the complaints raised by Android users appear to have some merit. If Google really wants the Android platform to surpass the iPhone, it can't afford to rely on the sort of hands-off, automated approach it prefers.

Somewhere between anti-democratic refusal to approve politically-oriented apps and excessive tolerance of those abusing the system, there's a balance that allows freedom and responsible oversight to co-exist. It remains to be seen whether Apple, Google, or some other company will discover it first.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1032
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inf...

CVE-2012-1417
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVE-2012-1506
Published: 2014-09-17
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from th...

CVE-2012-1507
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index...

CVE-2012-2583
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant