Vulnerabilities / Threats
6/28/2010
07:07 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Android Market Under Fire

A prominent programmer's call for Google to improve its Android Market is echoed by Android users and developers.

When Apple gets criticized for its management its iTunes App Store, the issue tends to be that the company's rules are deemed to be too strict and too opaque.

When Google gets criticized for its management of the Android Market, it's just the opposite.

"Google does far too little curation of the Android Market, and it shows," declared programmer Jon Lech Johansen in a blog post on Sunday. "Unlike Apple's App Store, the Android Market has few high quality apps."

Johansen is best known for being one of three programmers who cracked the CSS algorithm that protected DVDs from being copied back in 1999. Having also reverse engineered Apple's FairPlay DRM technology, among other hacking feats, he recently co-founded a company called doubleTwist that makes music jukebox and synchronization software similar to iTunes.

These days, Johansen is urging Google to take steps to deal with the trademark and copyright infringement that he claims is widespread in Android Market applications.

Other prominent Google observers like John Battelle, program chair and co-moderator of the Web 2.0 Summit and author for The Search, echo Johansen's observations. "I've heard over and over that Android's user experience, when it comes to apps, is terrible, and it's a major reason why folks love Apple," he wrote in response to Johansen's post on Monday.

Google didn't immediately respond to a request for comment.

Google's Android Market forums include similar complaints. A developer of iPhone games posting under the name "tomsamson" -- a handle used by Ugur Ister of Stimunation -- writes that "coming from the very restrictive App Store environment," he's excited to give the Android platform a try. However, he tempers his expectations by noting that the Android Market appears to have a number of problems.

He complains about app prices appearing in different currencies in the same store, image display problems, a poor store search interface, the absence of an app category display mechanism to boost the visibility of certain app genres, a return policy that makes it too easy for users to return apps, and the ease with which Android apps can be copied without authorization. (Unauthorized copying affects iPhone developers too.)

Other people posting to Google's Android Market forum complain that Google doesn't do enough to moderate App feedback from users, which they say contains too much crude, useless, or offensive content.

One of the more popular threads on Google's Android Market forum is a call for parental controls to prevent minors from accessing explicit content through the Android Market. "I would love an Android-based phone but Google's lack of priorities in this area is forcing me to an iPhone also," writes one forum user. "I want [the] ability to filter out any content I don't like."

While third-party content filtering software is available for Android phones, many of the complaints raised by Android users appear to have some merit. If Google really wants the Android platform to surpass the iPhone, it can't afford to rely on the sort of hands-off, automated approach it prefers.

Somewhere between anti-democratic refusal to approve politically-oriented apps and excessive tolerance of those abusing the system, there's a balance that allows freedom and responsible oversight to co-exist. It remains to be seen whether Apple, Google, or some other company will discover it first.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.