1.2% of Apps On Google Play Are Repackaged To Deliver Ads, Collect Info

An anonymous reader writes "Not a month goes by without security researchers finding new malicious apps on Google Play. According to BitDefender, more than one percent of 420,000+ analyzed apps offered on Google's official Android store are repackaged versions of legitimate apps. In the long run, their existence hurts the users, the legitimate developers, and Google's reputation in general. Google Play has recently surpassed the one million mark when it comes to the apps it offers, and the researchers have analyzed a good chunk of the total in order to discover just how many are hiding their true nature."

F-Droid, FTW

F-Droid is the open source store. Pleanty of good apps there that do just about anything you'd need an app to do, for free as in beer and free as in speach.

https://f-droid.org/

All or nothing approach is silly

[Mr_Silver]

I personally dislike Google's all-or-nothing approach to permissions. It gives the user a complete list of things (some of which may be valid and some not) with absolutely no context as to why they need this and then basically tell you that if you want the app then you have to accept the lot.

Coupled with a barely managed market place, you're just asking for someone to slip something malicious into the store and for anyone downloading it to blindly hit "accept".

A better method would be to rationalise some of the permissions (for example, do you really need to spook everyone with "read call state" given that it's used to suspend an app when a call comes in?) and then pop up a request to access the other permissions at the time when they are needed - a la iPhone.

That way I know why my app wants to access my contacts (because I've just pushed the button that says "invite a friend to a game") and also means that if I'm not comfortable with it having access to my call history then I can decline and still have the opportunity to continue using it.