Slashdot Mirror


1.2% of Apps On Google Play Are Repackaged To Deliver Ads, Collect Info

An anonymous reader writes "Not a month goes by without security researchers finding new malicious apps on Google Play. According to BitDefender, more than one percent of 420,000+ analyzed apps offered on Google's official Android store are repackaged versions of legitimate apps. In the long run, their existence hurts the users, the legitimate developers, and Google's reputation in general. Google Play has recently surpassed the one million mark when it comes to the apps it offers, and the researchers have analyzed a good chunk of the total in order to discover just how many are hiding their true nature."


  1. Irrelevant by Russ1642 · Score: 4, Insightful

    The total number of apps doesn't matter. The only stats worth anything involve the number of apps that are actually downloaded and run. There are thousands of useless or malware-infested apps out there, but are people really using them?

    1. Re:Irrelevant by fermion · Score: 4, Insightful
      It does matter because Google Play is supposed to be the walled garden. It doesn't matter that 99% of the people in the school yard are supposed to be there; all it takes is a few to turn the school yard into chaos.

      It also matters to the developers who want to make a profit. If someone else can repackage your app and place it on the preeminent platform for Android apps in exchange for ad revenue, that is bad. It also hurts the reputation of the original developer if that app is violating real or perceived privacy expectations.

      This is different from a script kiddie or organized crime putting a pirated app on some open repository to be nice or steal identities. This is Google Play. People use it instead of more open repositories because they expect a level of security.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  2. How many downloads? by Fwipp · Score: 3, Insightful

    How many people install the adware apps, though? I'd wager that the proportion of _downloads_ of adware is significantly less than 1.2%.

  3. Re:Quantity over quality by mythosaz · Score: 4, Insightful

    Useless to whom?

    There's a ton of duplication, but not without some feature or preference issue. While I can imagine that the most obvious flashlight features are duplicated across all flashlight apps, I'm sure that there are a number of features (like support for specific phones and odd hardware lights, and widgets), preferences (tray icon, UI), or innovations (auto-off, strobe) that haven't been incorporated into the One True Flashlight App just yet. ...now when you want the one with the "help me" strobe that supports S4 gestures to change modes, you need some duplication.

    There's also a dozen niche apps. How many Magic The Gathering life counters do you need? [I'm nerd enough to know there's plenty of room for different apps here.] How many keyboards do you need? How many pop the bubbles games do you need?

    Just because you can't run a million apps doesn't mean that the thousand you could possibly use are the same as the thousand I could possibly use. Combine your thousand and my thousand and now we've probably got only 100 that overlap. You couldn't care less about having multiple Nissan Leaf apps because Torque Pro doesn't support reading advanced battery values from it -- but I do. Someone else cares about all sorts of stuff neither of us do.

  4. Re:Opt-in though? by Animats · Score: 4, Insightful

    As long as the feature is opt in...

    The "opt in" was more like "we're making you an offer you can't refuse." It was pushed as an update to an existing add-on. The page with the terms was deliberately confusing. The privacy policy was originally missing. Some users reported that if you refused the tracking, the add-on then blocked major sites such as Flickr.

    I was amazed that got past Mozilla's approval process. They've sold out.

  5. Re:All or nothing approach is silly by mlts · Score: 4, Insightful

    The problem is that Google's model works for people who know what they are doing.

    However, one reason iOS is so successful is the perception that you don't have to watch anything. If it is on Apple's store, it is safe for human consumption.

    The majority of the people out there will not look at the permissions an app wants, and just tap "accept". Android's model works with savvy users, but for the teen texter who can barely type while holding the steering wheel, it has its issues.

    Two ways to fix this: Go with additional permission requests upon first use like Apple or Blackberry's offerings, go with a tier of Play Store which is heavily curated, or both.