Slashdot Mirror


New Google Data Shows Dangers of Third-Party App Stores (onthewire.io)

Trailrunner7 writes: Google's position in the Internet world is a unique one. In one or another, the company controls or sees much of the traffic on the network and owns one of the larger computing arsenals on the planet. It's also in control of a decent chunk of the mobile world, thanks to Android's popularity, and securing that ecosystem is a tremendous challenge in both complexity and scope. Google scans more than 2 million apps every week for its 1.4 billion Android users. And it collects a lot of data from its users, of course. Some new data from the company shows that using only the Play store is much safer than using third-party app stores. The data Google has collected shows that users who install apps only from the Play store have far fewer potentially harmful apps installed on their devices than users who also sideload apps.

  1. Vendor finds buying from vendor only is best buy by Anonymous Coward · · Score: 5, Insightful

    News at 11.

  2. Well no shit, Sherlock by Modern · · Score: 2

    Useless article.

    1. Re:Well no shit, Sherlock by Anonymous Coward · · Score: 1

      It has a use. It can be used as a demonstration on how to lie with statistics.

    2. Re:Well no shit, Sherlock by MobileTatsu-NJG · · Score: 1

      Heh. Google's basically saying that the Walled Garden is a more secure approach. Let that sink in for a moment.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    3. Re:Well no shit, Sherlock by skids · · Score: 1

      Plus they don't get the meta-data from people logging in to Google accounts just to download apps. (They could just as easily have posted signatures or digests for approved apps, but then they wouldn't have a monopoly on the web traffic and resulting log data.)

    4. Re:Well no shit, Sherlock by reboot246 · · Score: 2

      Sometimes that can be a good thing. I've seen apps that start out great but get worse and worse with each new update. I kind of like seeing what's coming and being able to stick with an older version if I want it.

    5. Re:Well no shit, Sherlock by Zontar+The+Mindless · · Score: 1

      Tagged "wellDUH".

      --
      Il n'y a pas de Planet B.
    6. Re:Well no shit, Sherlock by johanw · · Score: 1

      Use Raccoon and download the playstore version to your PC. Then you can always go back.

    7. Re:Well no shit, Sherlock by Zeio · · Score: 1

      Google blocks AdAway and is working much harder to prevent root. This jailing of the user is meant to force the use of the app store which allows them to monetize personal data (being "scrubbed" (yeah right)) and targeted marketing.

      When apps that help to truly make your experience secure (such as adaway that use fdroid and require root) by blocking horrible ads, scumware, malware, and other trash used by marketing on the internet.

      I use various lists just on hosts via android and dns creating blackhole zones with these lists:
      https://adaway.org/hosts.txt
      http://adaway.sufficientlysecu...
      http://hosts-file.net/ad_serve...
      https://pgl.yoyo.org/adservers...
      http://sysctl.org/cameleon/hos...
      http://winhelp2002.mvps.org/ho...
      http://www.mvps.org/winhelp200...
      http://someonewhocares.org/hos...

      Fanboy has some good lists as well

      A lot of these lists are not for blocking ads but for blocking really bad content from coming into your browsing experience.

      When Google and Apple actively prevent me from cleaning up this rubbish on a device I own and they kill all apps that attempt to do any of this and they remove all the hooks from the OS to allow us to do this it's really a poor situation.

      Now I have to worry about fdroid going away while Google claims this is a fight against amazon - scamazon. As much as I dislike Bezos and Scamazon and want Google to keep them with a better offering, banning 3rd party appstores and apps is a bad idea because it's the only way we can bypass the draconian and ridiculous "rules" the official rules of either Apple or Google app stores force on developers. There are a lot of useless apps out there but they have banned many useful ones because they conflict with their interests and not with safety or security.

      --
      Legalize the constitution. Think for yourself question authority.
  3. Third party app stores like... by h33t+l4x0r · · Score: 1

    Amazon? What exactly are we talking about here? Who are the players?

    1. Re:Third party app stores like... by Dutch+Gun · · Score: 4, Insightful

      I think Google is really talking about third-party stores in China, India, etc. I'm not sure if the Google presentation didn't mention those countries by name, though TFA does. Apparently, lots of people use them over there, and subsequently get viruses or malware. It probably causes Android malware vs iOS to be badly skewed. Google is rightly pointing out that you're more likely to get hit with malware from some sketchy Chinese app store than from Google Play. It's not really all that shocking a revelation. Think about CNet's Download.com and all the crap you get on your system if you use that site, and you get the basic idea.

      People are implying that Google is singling out Amazon here. While I don't think Google would shed tears if people somehow got that impression, I'd bet that Amazon's store is almost as safe as Google's. Besides, Amazon is a big boy and doesn't need defending from us, the peanut gallery. If they want to release a study demonstrating how safe their own store is, they're perfectly capable of doing so.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    2. Re:Third party app stores like... by tlhIngan · · Score: 1

      I think Google is really talking about third-party stores in China, India, etc. I'm not sure if the Google presentation didn't mention those countries by name, though TFA does. Apparently, lots of people use them over there, and subsequently get viruses or malware. It probably causes Android malware vs iOS to be badly skewed. Google is rightly pointing out that you're more likely to get hit with malware from some sketchy Chinese app store than from Google Play. It's not really all that shocking a revelation. Think about CNet's Download.com and all the crap you get on your system if you use that site, and you get the basic idea.

      Problem is, Google Play is not available in China. (I have no information on whether or not it is available in India).

      So if you're an Android phone user in China, you have no choice BUT to use a third party app store. And there are several Chinese app stores, and various ones run by the carriers. Of course, they are havens for piracy and malware since those stores do not care about user safety or anything.

      For this, to increase safety would require developers to release the APKs on their own websites and simply not use those sketchy app stores.

  4. Re:Not necessarily true for desktop software, thou by richy+freeway · · Score: 3, Insightful

    Do fucking shut up.

  5. app store censorship and carrier lockdown are bad by Joe_Dragon · · Score: 1

    app store censorship and carrier lockdown are bad parts of a 1 app store only system.

  6. Hmm... by wwalker · · Score: 3, Interesting

    In other words, Google says Google is better. How about an *independent* study?

  7. Re:app store censorship and carrier lockdown are b by sims+2 · · Score: 1

    Anyone else remember when Apple pulled all the apps that let you use the camera flash as a flashlight? Or how you still afaik can not get an app to scan wifi aps?

    --
    Minimum threshold fixed. Thanks!
  8. Poor article by c0d3g33k · · Score: 1

    TFA has all the factual content of a fluff piece read by the attractive yet dimwitted weekend morning anchor on the local news. There is no information at all to back up the baseless claims in the article. Not even a link to the "data" or a summary of the "data" that Google has allegedly collected.

    This story should never have made it out of the firehose.

  9. Re: Vendor finds buying from vendor only is best b by Anonymous Coward · · Score: 1

    I just checked channel 4 and the news is on right now.

  15. Hey editors! by BronsCon · · Score: 1

    In one or another

    It seems this article has lost its "way".

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  16. Re:Not necessarily true for desktop software, thou by fluffernutter · · Score: 1

    That's a relief, because I chose the totally naive route and IGNORED THEM.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  17. Re: app store censorship and carrier lockdown are by LDAPMAN · · Score: 1

    The ability to use the flash as a light is built into the OS now.

  18. Re:Not necessarily true for desktop software, thou by Anonymous Coward · · Score: 1

    Until systemd resets the system date to its release date and triggers a nuclear launch.

  19. f-droid? by ChunderDownunder · · Score: 1

    I'd personally trust more a repository of programs where the programs had been built from source by volunteers and was free to tinker with under a FOSS license.

    1. Re:f-droid? by oddware · · Score: 1

      Changed over to F-droid only about 3 years ago. Never installing the GAPPS services again as my phones have longer battery life and no more invasive "We are going to do this/that, click ok to accept, click I disagree (for the 200th time) if you do not accept".

    2. Re:f-droid? by oddware · · Score: 2

      Use Owncloud and Tasks App + DAVDroid for Contact, Task & Calendar Syncing/Backup over multiple devices.
      Owncloud with the genuine Owncloud & Owncloud Notes for file and Note taking.
      Car Reports for recording your vehicle expenses (also syncs to owncloud and all your devices).
      OSMAnd~ for full voice navigation.

    3. Re:f-droid? by oddware · · Score: 1

      AC nailed it.

      I also use conversations for xmpp but a few of my users prefer Xabber as it is a little more user friendly (Has a better "Currently Online" view).

      KeePassDroid, Open Camera, VLC, AnySoftKeyboard are all excellent suggestions.
      I will add Hackers keyboard (not as polished as anysoft but useful if you ssh from your droid), AdAway (Blocks ads throughout the whole phone - Requires Root) and Ghost Commander (+ Plugins) just to name a few.

      I currently run Openfire for the XMPP server but will be porting over to Prosody as it is less resource hungry (Ran Prosody on a Raspberry Pi with Asterisk off a solar panel on a trip with a group, yeah....nerd)

      If you have tinkered with the idea of making the switch (away from GAPPS) I highly recommend it, your phone will simply be better (and yours).

  20. Google Slashvertisement by omnichad · · Score: 1

    Looks like a Google employee managed to get an advertising piece linked to from Slashdot's main page.

  21. Google created the monster by Kevin108 · · Score: 1

    If Google wasn't so stupid about what they don't allow in the Play Store, the 3rd party market wouldn't have been born.

    --

    It's a perfect time for being wasted.
    A perfect time to watch the stars.
    - Burden Brothers, "Beautiful Night"
    1. Re:Google created the monster by GuB-42 · · Score: 1

      That's not it. They are rather tolerant in what they accept, there are a few touchy subjects like ad blockers and sometimes an app is removed for some time for obscure reasons (like Tasker). But globally you can find almost everything legal in the play store, even root apps and apps that compete directly with Google's offering. These are not things that you will find on the Apple app store.

      The real reason is that:
      - For OEMs to get the Play store and the rest of the gapps on their devices, they need to follow Google's guidelines, something they sometimes don't want to.
      - Google gets 30% of all app sales in addition to valuable user data. Something that 3rd parties would prefer to end up in their own pockets.
      - China.

      True alternative markets installed by users themselves are, I think, a minority. And I think a large part of them are for piracy. Free software markets like F-Droid, the ones that everyone here likes to talk about, are probably just a niche. A very important niche but a niche anyways.

  22. Re: Vendor finds buying from vendor only is best b by davester666 · · Score: 2

    That's news to me.

    --
    Sleep your way to a whiter smile...date a dentist!
  23. Re:PHA? by mindwhip · · Score: 1

    In-app purchases that happen directly or indirectly without proper notification or consent, because a user picked what seemed like the easy 'best' option when they were asked for a default choice, without being notified of the full context and implications of that choice.
    As long as Google get their cut they don't care.

    PS: Apple do this too.

    --
    [The Universe] has gone offline.
  24. Yes but there is an obvious reason for this by DrXym · · Score: 1

    Some people use 3rd party app stores in order to obtain warez. They search for some app which costs a fortune on Play and find a dubious place to obtain it for free. e.g. type "final fantasy apk" and various hits come up.

    It doesn't so much follow that Play is safer (although it probably is for other reasons), but that there are determined idiots out there who'll put their phone, privacy and security at risk to save a few dollars.

    BTW, there are many reputable 3rd party app stores who either curate or proactively monitor their submissions but Google probably doesn't make the distinction. It probably just scans apks on infected phones and determines if they came from their store or "somewhere else" which means Amazon's appstore, F-droid and all the rest are lumped in with the warez sites.

    1. Re:Yes but there is an obvious reason for this by drinkypoo · · Score: 1

      BTW, there are many reputable 3rd party app stores who either curate or proactively monitor their submissions but Google probably doesn't make the distinction. It probably just scans apks on infected phones and determines if they came from their store or "somewhere else" which means Amazon's appstore, F-droid and all the rest are lumped in with the warez sites.

      On the other hand, if you're using Chrome and syncing your phone, are you leaking your history back to Google? They might well know where you got those APKs.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Yes but there is an obvious reason for this by DrXym · · Score: 1

      During setup Google sticks a popup asking if it can scan all your apps for security. I assume any stat gathering falls out of that. It should be straightforward for them to figure out if an apk comes from their store by comparing the hash, signatures etc.

  25. ehhhh...? by beh · · Score: 1

    So, basically Google now says that Apple's "single App Store" is the better model?

    1. Re:ehhhh...? by alex67500 · · Score: 1

      Hang on, Google have always said that Google's "single Play Store" was the best approach, and Amazon think the same with their store. The only reason Google had to open its stores to others is to show they weren't trying to create a monopoly.

  26. pretty bad result for google play by sad_ · · Score: 1

    10 times more secure of whatever than other android app stores, is still bad, it should be zero. We're talking about malware here, why is it even on google play?
    I wonder what the malware rate for the f-droid 'store' is?
    Screw this closed source mobile app world, it's even worse than what we had on windows.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  27. Re:app store censorship and carrier lockdown are b by swb · · Score: 1

    There is an *Apple* app for their own APs that has a scan mode that lets you scan for APs. It's not as fancy as some I've seen for Android, but it's useful enough to have.

  28. Re:PHA? by johanw · · Score: 1

    They also mean potentially harmful to their profits: adblockers, tools like Lucky Patcher that can hack playstore verification and disable ad services, etc. are all banned from the playstore.

  29. Re:app store censorship and carrier lockdown are b by tlhIngan · · Score: 1

    Or how you still afaik can not get an app to scan wifi aps?

    Because there's no way to write a wifi-scanner without using private APIs. You can probably write a very basic one that scans for available APs, but gets you little more than what the settings dialog shows you anyways using the available APIs. Getting any more information requires private API usage which is banned.

    Of course, no one really talks much about it since Apple has an open-source sideload ability now - open source apps can be loaded on your iOS device provided you have a Mac. (Yes, I say open-source because Apple strongly discourages abusing this mechanism for binary only apps - which is what happened to f.lux - they distributed their app as a binary with an Xcode project wrapper).

    Which I find mind-boggling, for Apple has found a way to have a walled garden, support open-source applications (no, you can't download binaries, but you can certainly BUILD the binary yourself and load it on your device), with the advantage that open-source apps can do a lot of things since Apple doesn't approve them. Oh yeah, added Mac sales, yadda yadda yadda.