Vulnerabilities / Threats
6/28/2010
07:07 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Android Market Under Fire

A prominent programmer's call for Google to improve its Android Market is echoed by Android users and developers.

When Apple gets criticized for its management its iTunes App Store, the issue tends to be that the company's rules are deemed to be too strict and too opaque.

When Google gets criticized for its management of the Android Market, it's just the opposite.

"Google does far too little curation of the Android Market, and it shows," declared programmer Jon Lech Johansen in a blog post on Sunday. "Unlike Apple's App Store, the Android Market has few high quality apps."

Johansen is best known for being one of three programmers who cracked the CSS algorithm that protected DVDs from being copied back in 1999. Having also reverse engineered Apple's FairPlay DRM technology, among other hacking feats, he recently co-founded a company called doubleTwist that makes music jukebox and synchronization software similar to iTunes.

These days, Johansen is urging Google to take steps to deal with the trademark and copyright infringement that he claims is widespread in Android Market applications.

Other prominent Google observers like John Battelle, program chair and co-moderator of the Web 2.0 Summit and author for The Search, echo Johansen's observations. "I've heard over and over that Android's user experience, when it comes to apps, is terrible, and it's a major reason why folks love Apple," he wrote in response to Johansen's post on Monday.

Google didn't immediately respond to a request for comment.

Google's Android Market forums include similar complaints. A developer of iPhone games posting under the name "tomsamson" -- a handle used by Ugur Ister of Stimunation -- writes that "coming from the very restrictive App Store environment," he's excited to give the Android platform a try. However, he tempers his expectations by noting that the Android Market appears to have a number of problems.

He complains about app prices appearing in different currencies in the same store, image display problems, a poor store search interface, the absence of an app category display mechanism to boost the visibility of certain app genres, a return policy that makes it too easy for users to return apps, and the ease with which Android apps can be copied without authorization. (Unauthorized copying affects iPhone developers too.)

Other people posting to Google's Android Market forum complain that Google doesn't do enough to moderate App feedback from users, which they say contains too much crude, useless, or offensive content.

One of the more popular threads on Google's Android Market forum is a call for parental controls to prevent minors from accessing explicit content through the Android Market. "I would love an Android-based phone but Google's lack of priorities in this area is forcing me to an iPhone also," writes one forum user. "I want [the] ability to filter out any content I don't like."

While third-party content filtering software is available for Android phones, many of the complaints raised by Android users appear to have some merit. If Google really wants the Android platform to surpass the iPhone, it can't afford to rely on the sort of hands-off, automated approach it prefers.

Somewhere between anti-democratic refusal to approve politically-oriented apps and excessive tolerance of those abusing the system, there's a balance that allows freedom and responsible oversight to co-exist. It remains to be seen whether Apple, Google, or some other company will discover it first.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio