Vulnerabilities / Threats
6/28/2010
07:07 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Android Market Under Fire

A prominent programmer's call for Google to improve its Android Market is echoed by Android users and developers.

When Apple gets criticized for its management its iTunes App Store, the issue tends to be that the company's rules are deemed to be too strict and too opaque.

When Google gets criticized for its management of the Android Market, it's just the opposite.

"Google does far too little curation of the Android Market, and it shows," declared programmer Jon Lech Johansen in a blog post on Sunday. "Unlike Apple's App Store, the Android Market has few high quality apps."

Johansen is best known for being one of three programmers who cracked the CSS algorithm that protected DVDs from being copied back in 1999. Having also reverse engineered Apple's FairPlay DRM technology, among other hacking feats, he recently co-founded a company called doubleTwist that makes music jukebox and synchronization software similar to iTunes.

These days, Johansen is urging Google to take steps to deal with the trademark and copyright infringement that he claims is widespread in Android Market applications.

Other prominent Google observers like John Battelle, program chair and co-moderator of the Web 2.0 Summit and author for The Search, echo Johansen's observations. "I've heard over and over that Android's user experience, when it comes to apps, is terrible, and it's a major reason why folks love Apple," he wrote in response to Johansen's post on Monday.

Google didn't immediately respond to a request for comment.

Google's Android Market forums include similar complaints. A developer of iPhone games posting under the name "tomsamson" -- a handle used by Ugur Ister of Stimunation -- writes that "coming from the very restrictive App Store environment," he's excited to give the Android platform a try. However, he tempers his expectations by noting that the Android Market appears to have a number of problems.

He complains about app prices appearing in different currencies in the same store, image display problems, a poor store search interface, the absence of an app category display mechanism to boost the visibility of certain app genres, a return policy that makes it too easy for users to return apps, and the ease with which Android apps can be copied without authorization. (Unauthorized copying affects iPhone developers too.)

Other people posting to Google's Android Market forum complain that Google doesn't do enough to moderate App feedback from users, which they say contains too much crude, useless, or offensive content.

One of the more popular threads on Google's Android Market forum is a call for parental controls to prevent minors from accessing explicit content through the Android Market. "I would love an Android-based phone but Google's lack of priorities in this area is forcing me to an iPhone also," writes one forum user. "I want [the] ability to filter out any content I don't like."

While third-party content filtering software is available for Android phones, many of the complaints raised by Android users appear to have some merit. If Google really wants the Android platform to surpass the iPhone, it can't afford to rely on the sort of hands-off, automated approach it prefers.

Somewhere between anti-democratic refusal to approve politically-oriented apps and excessive tolerance of those abusing the system, there's a balance that allows freedom and responsible oversight to co-exist. It remains to be seen whether Apple, Google, or some other company will discover it first.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
FTC Opens Probe into Equifax Data Breach
Jai Vijayan, Freelance writer,  9/14/2017
Equifax CIO, CSO Step Down
Dark Reading Staff 9/15/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Jan, check this out! I found an unhackable PC.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.