Vulnerabilities / Threats
6/28/2010
07:07 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Android Market Under Fire

A prominent programmer's call for Google to improve its Android Market is echoed by Android users and developers.

When Apple gets criticized for its management its iTunes App Store, the issue tends to be that the company's rules are deemed to be too strict and too opaque.

When Google gets criticized for its management of the Android Market, it's just the opposite.

"Google does far too little curation of the Android Market, and it shows," declared programmer Jon Lech Johansen in a blog post on Sunday. "Unlike Apple's App Store, the Android Market has few high quality apps."

Johansen is best known for being one of three programmers who cracked the CSS algorithm that protected DVDs from being copied back in 1999. Having also reverse engineered Apple's FairPlay DRM technology, among other hacking feats, he recently co-founded a company called doubleTwist that makes music jukebox and synchronization software similar to iTunes.

These days, Johansen is urging Google to take steps to deal with the trademark and copyright infringement that he claims is widespread in Android Market applications.

Other prominent Google observers like John Battelle, program chair and co-moderator of the Web 2.0 Summit and author for The Search, echo Johansen's observations. "I've heard over and over that Android's user experience, when it comes to apps, is terrible, and it's a major reason why folks love Apple," he wrote in response to Johansen's post on Monday.

Google didn't immediately respond to a request for comment.

Google's Android Market forums include similar complaints. A developer of iPhone games posting under the name "tomsamson" -- a handle used by Ugur Ister of Stimunation -- writes that "coming from the very restrictive App Store environment," he's excited to give the Android platform a try. However, he tempers his expectations by noting that the Android Market appears to have a number of problems.

He complains about app prices appearing in different currencies in the same store, image display problems, a poor store search interface, the absence of an app category display mechanism to boost the visibility of certain app genres, a return policy that makes it too easy for users to return apps, and the ease with which Android apps can be copied without authorization. (Unauthorized copying affects iPhone developers too.)

Other people posting to Google's Android Market forum complain that Google doesn't do enough to moderate App feedback from users, which they say contains too much crude, useless, or offensive content.

One of the more popular threads on Google's Android Market forum is a call for parental controls to prevent minors from accessing explicit content through the Android Market. "I would love an Android-based phone but Google's lack of priorities in this area is forcing me to an iPhone also," writes one forum user. "I want [the] ability to filter out any content I don't like."

While third-party content filtering software is available for Android phones, many of the complaints raised by Android users appear to have some merit. If Google really wants the Android platform to surpass the iPhone, it can't afford to rely on the sort of hands-off, automated approach it prefers.

Somewhere between anti-democratic refusal to approve politically-oriented apps and excessive tolerance of those abusing the system, there's a balance that allows freedom and responsible oversight to co-exist. It remains to be seen whether Apple, Google, or some other company will discover it first.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.