Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Might Be Gearing Up To Remove Millions of Play Store Apps Next Month (pcworld.com)

Posted by msmash on from the spring-cleaning dept.

An anonymous reader shares a PCWorld report: Take a look at the digital shelves of the Google Play Store and you're likely to come across a bevy of so-called zombie apps. These apps typically take the form of a knock-off of a popular game or a sloppy utility that doesn't quite match its description, and they strategically turn up alongside legitimate apps, which makes them hard to spot if you're not doing a forensic analysis of reviews while you shop. Now it looks like something is finally being done about them. In a letter uncovered by The Next Web, Google has begun warning some developers that one or more of their apps has been flagged for a lack of an adequate privacy policy, a common problem among these sort of hastily published and subsequently ignored apps. In the message, Google reiterates its policy, which "requires developers to provide a valid privacy policy when the app requests or handles sensitive user information." Such permissions include camera, microphone, account, contacts, or phone access, which requires a transparent disclosure of how user data is handled, according to Google's requirements. It's unclear how many letters were sent out, but The Next Web estimates it could affect millions of apps.

53 comments

  1. And nothing of value... by Anonymous Coward · · Score: 0

    And nothing of value will be lost...

  2. How to improve security: Limit access apps by Anonymous Coward · · Score: 1

    If the app your developing requires access to contacts, camera, and other functionality an increasing level of scrutiny should be given. The harder you make it the less likely these malicious apps will succeed.

  3. I guess... by TWX · · Score: 1

    ...no more "Poke mongo"...

    --
    Do not look into laser with remaining eye.
    1. Re:I guess... by Anonymous Coward · · Score: 0

      Mongo just cog in great wheel of life

    2. Re:I guess... by Anonymous Coward · · Score: 0

      "Mongo only pawn in game of life."

  4. Openess leads to viruses by The+New+Guy+2.0 · · Score: 0

    Apple led the way by blocking unknown apps from its app store... which is why there's no need for an antivirus for iPhones. Google seems a few steps behind but starting to catch up.

    1. Re:Openess leads to viruses by Anonymous Coward · · Score: 0

      Apple led the way by blocking unknown apps from its app store... which is why there's no need for an antivirus for iPhones.

      Prepare to be flame broiled...

    2. Re:Openess leads to viruses by Anonymous Coward · · Score: 0

      What do you mean "unknown"? That sentence makes no sense. Both Google and Apple review submitted apps before they are allowed into their respective app stores.

      And if you don't enable installing apps from shady pirate app sources, and you pay attention to the permissions apps request, there is no more need for antivirus on Android than there is on iOS.

    3. Re:Openess leads to viruses by Anonymous Coward · · Score: 1

      Why? ISTR Apple has never had a single iOS compromise unless it was a jailbroken device.

    4. Re:Openess leads to viruses by Anonymous Coward · · Score: 0

      Why? ISTR Apple has never had a single iOS compromise unless it was a jailbroken device.

      Oh, I agree. But it goes against the Anti-Apple Group Think.

    5. Re: Openess leads to viruses by Anonymous Coward · · Score: 0

      Still waiting for the day that Google allows me to disallow internet/network access to apps.

    6. Re:Openess leads to viruses by Anonymous Coward · · Score: 0

      What do you mean "unknown"? That sentence makes no sense. Both Google and Apple review submitted apps before they are allowed into their respective app stores.

      Apparently this isn't the case for Chrome extension store, at least... they have tons of obviously fake extensions, using most common brand names, which stay available for months, if not more, despite bad ratings and comments...

    7. Re:Openess leads to viruses by Anonymous Coward · · Score: 0

      people that rented their device from Apple have no app security problems unlike owners that installed whatever they wanted on their owned Apple device?

      I am shocked! Please sign me up to the ApplePower newsletter, sir!

    8. Re:Openess leads to viruses by Frosty+Piss · · Score: 2

      And if you don't enable installing apps from shady pirate app sources, and you pay attention to the permissions apps request

      Come on... To the *average* phone user, that's like saying "First you open a terminal..." and watch their eyes glaze over.

      --
      If you want news from today, you have to come back tomorrow.
    9. Re:Openess leads to viruses by Anonymous Coward · · Score: 0

      And if you don't enable installing apps from shady pirate app sources, and you pay attention to the permissions apps request

      Come on... To the *average* phone user, that's like saying "First you open a terminal..." and watch their eyes glaze over.

      Are you saying the *average* phone user knows enough to enable installing of apps from unkown sources, and to find and use pirate app stores, but yet is incapable of understanding the risks of doing so? Come on yourself. Anyone enabling installation of apps from unknown sources on their phone knows what they're doing.

    10. Re:Openess leads to viruses by Frosty+Piss · · Score: 1

      Anyone enabling installation of apps from unknown sources on their phone knows what they're doing.

      You can't be serious...

      --
      If you want news from today, you have to come back tomorrow.
    11. Re:Openess leads to viruses by Altrag · · Score: 1

      Phew. Good thing https://arstechnica.com/security/2015/09/apple-scrambles-after-40-malicious-xcodeghost-apps-haunt-app-store/ never happened. Or http://www.cultofmac.com/241463/researchers-sneak-malicious-ios-app-into-the-app-store-undetected/ that. Or even http://www.reuters.com/article/us-apple-china-malware-idUSKCN0RK0ZB20150921 that (which is a precursor to the first link I posted, so they obviously aren't even very good at fixing the problems when they show up!)

      But hey we live in a world of alternative facts, so believe whatever you want I guess. Truth is irrelevant in our brave new world.

    12. Re:Openess leads to viruses by Anonymous Coward · · Score: 0

      How much does astroturfing pay?

    13. Re:Openess leads to viruses by Applehu+Akbar · · Score: 2

      "Why? ISTR Apple has never had a single iOS compromise unless it was a jailbroken device."

      Because the mindset here is that living in daily fear of the next ransomware attack is for some reason preferable to Apple's walled garden. I myself am happy in the walled garden so long as there are still apps for all my use cases.

    14. Re: Openess leads to viruses by Anonymous Coward · · Score: 0

      Wirelurker anyone?

    15. Re: Openess leads to viruses by greenfruitsalad · · Score: 1

      Not gonna happen until they separate the ad banner from the actual app.

  5. Hyperbole by Scutter · · Score: 4, Insightful

    Given that Google Play only has an estimated 2.6 million apps as of December, "gearing up to remove millions of apps" seems like a bit of a stretch. Could we maybe report stories without making up dramatic numbers?

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    1. Re:Hyperbole by Anonymous Coward · · Score: 0

      That probably isn't stretch since 90% of the apps are probably bogus or abandoned.

    2. Re:Hyperbole by Altrag · · Score: 3, Funny

      No.

    3. Re:Hyperbole by mmell · · Score: 0
      Welcome to Slashdot. You must be new here.

      How'd you ever get a low five digit UID?

    4. Re:Hyperbole by Scutter · · Score: 2

      Unnecessary ad hominem is all you have to contribute?

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    5. Re:Hyperbole by Anonymous Coward · · Score: 0

      Careful there. You're about to start a recursive stack.

    6. Re:Hyperbole by jafac · · Score: 1

      Beats me.

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
    7. Re:Hyperbole by sad_ · · Score: 1

      After removing 2 million, you'll have 600.000 left, that's still too much.

      --
      On a long enough timeline, the survival rate for everyone drops to zero.
  6. Google is full of LUDDITES. by Anonymous Coward · · Score: 0, Interesting

    Google is simply jealous that they aren't appy enough to know how to app apps, because only LUDDITES would want to remove appy app apps from app stores! Appdows 10 has the appiest apps and never has to remove apps, because only apps can app apps!

    Apps!

  7. Don't give apps permissions by Anonymous Coward · · Score: 1

    When I see a simple app asking access to camera and/or contacts I delete that app immediately.

    1. Re: Don't give apps permissions by Anonymous Coward · · Score: 0

      Sime app say "fuck you, I wouldn't want to run on your phone anyhow, loser".

    2. Re:Don't give apps permissions by MrL0G1C · · Score: 1

      It should be easily possible to deny these things in settings, Android is deeply flawed.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  8. Re:BREAKING NEWS!! Leftism failure in Venezuela by Anonymous Coward · · Score: 0

    Europe the has-been is a shithole.

  9. Re:BREAKING NEWS!! Leftism failure in Venezuela by FatdogHaiku · · Score: 0

    You left out anteaters...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  10. Very poor implementation by Anonymous Coward · · Score: 0

    As a little niche app developer, this new requirement for having a privacy statement based on app permissions is a a bunch of BS. My app asks for permissions to process data on the phone, and nothing ever leaves the phone. So the privacy statement here is "nothing will ever be shared", end of story.

    Now I need to set up a web site, write a bunch of legalese (or copy from some other site that I trust means something legal) and link to it from my app's profile. Who at Google is going to read and vet the legalese that is posted (assuming it's not just an excerpt from a public domain poem)? Will users actually read and understand a long legal document? If the answer to these is no, then the forced link serves no purpose.

    What a PITA. Instead there should be a few options like "this app does not collect or transmit any information off the phone" and that's it. One of those options could be "provide my own statement" and a URL.

    Sadly, little guys like me have no way to express our frustration over these changes. So when the deadline hits my app will be gone forever. Too bad.

    1. Re: Very poor implementation by Anonymous Coward · · Score: 0

      I got one of those letters too... but my app wasn't even available yet (it is in alpha test). I just updated my policy and was done with it. It is obviously an automated process, so I'm sure if you find some other privacy policy and just cut and paste the headings and add one line explanations for each section you'll be ok. I'm not a lawyer...

    2. Re:Very poor implementation by Puls4r · · Score: 1

      You sir have just found an untapped market.

      1 Create a page that has dropdowns and automatically generates a privacy webpage.
      2. Provide a link to the page after it's generated. Think image storage sight, but in this case it's a privacy policy creation site.
      3. ??????
      4. Profit!

    3. Re:Very poor implementation by Anonymous Coward · · Score: 0

      You may share your user's data with (tick all that apply):
      [ ] Other apps
      [ ] Random people in your own company
      [ ] Data Gnomes
      [ ] Advertisers
      [ ] Anyone who pays you
      [ ] Satan

  11. There are millions of apps? by Anonymous Coward · · Score: 0

    Wow! Who knew?

  12. failed API by Anonymous Coward · · Score: 0

    So which apps are implemented as to insecure to the model API, or is every development platform lacking security until Programmers have a college accreditted degree?

    What is security if the API is only there to distinguish from competing platforms?

  13. Don't steal. The government HATES competition. by mmell · · Score: 1

    So does Google. All your SPI are belong to us!

  14. This is all fine but by reboot246 · · Score: 2

    I really wish there was a way to sort the search results when I'm looking for an app. All the crappy ones usually show up first and I have to scroll endlessly to find the right one or a good one.

  15. Google Play store sucks by Anonymous Coward · · Score: 0

    I gave up on Google Play Store a few months ago. Couldn't believe the amount of crap apps that have ridiculous permissions attached to them. It's incredible what Google allows for apps. I guess at one point its just been about bragging rights for how many are available. I've tried the Amazon underground and that's not a whole lot better. Yea, I can see how people get hooked into these faux apps that appear to be the real deal. The store is the biggest disappointment about Android for me.

  16. ES file explorer by slew · · Score: 2

    ...sloppy utility that doesn't quite match its description...

    What started out as a useful utility has descended down such a hell hole that I had to uninstall it... Removing it from the Playstore would be the next logical step.

  17. Say Hello to Neighbor by hackwrench · · Score: 1

    And how about the apps in videos that should be returned by https://www.youtube.com/result... but for some reason, I am getting an error message. YouTube search is apparently broken for me. I used the YouTube feedback form. I also wrote a comment that their error message contains no real useful information. Why are big companies' error messages so useless?

  18. batch chmod app? by Anonymous Coward · · Score: 0

    how would I automate revoking every intercommunication or privilege to every app?

    Surely, peeling through the Sertings InstalledApp program todo by hand on each installed app would take too long. Ontop of that, the Google presence pf so many apps that I dont use seems to be proxy network access through other unlisted apps that still have permissions needed by those that are blocked.

  19. Lack of privacy policy != shady app by Anonymous Coward · · Score: 2, Interesting

    I just received such a mail last week about one of my apps (a music visualiser that uses the microphone). None of my apps have a privacy policy because none was required by Google up until now, and I couldn't be bothered (I'm a hobbyist app creator). Turns out that it's the law in some countries. If your app has access to personal information (such as contacts, camera, microphone, ...), or sends user information to a server somewhere, you MUST have a privacy policy that explains what you do with this information. All Google is doing now, is enforce that law. It has nothing to do with fighting knock-off apps or improving the quality of the apps in the store.

  20. Re:BREAKING NEWS!! Leftism failure in Venezuela by Anonymous Coward · · Score: 0

    Make America great again. Grab them by the pussy! #MAGA

  21. Details are strange by Anonymous Coward · · Score: 0

    I got an app flagged. It requests just ACCESS_FINE_LOCATION without even asking for INTERNET permissions. So how does this make it sensitive? Got no response from the google-play team.

  22. ROT IN M2 HELL! by Anonymous Coward · · Score: 0

    Uh, we have a flamebait mod point up there, with no flames.