There isn’t much good to say about the way Apple handled app store rejections and submissions in the early days of the iTunes App Store. But if you force yourself to push aside Apple’s former draconian policies for a second, I think we can all agree that Apple’s motivations were at the very least coming from a good place – to make the app store a fun and safe place to download apps. Okay, we’ll put the Kool Aid down for a second and admit that many of Apple’s app rejections were also self-serving.
In any event, Google has taken an opposite approach. Instead of vetting every app submission, they have no review process whatsoever. And while that may sound great for those who place a premium on digital freedom, it’s also resulted in the proliferation of malware on the Android Marketplace.
According to a new study from the Juniper Global Threat center, malware on Android devices is up a whopping 472% since July 2011. Yep, 472% in just 3 months.
These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications. With no upfront review process, no one checking to see that your application does what it says, just the world’s largest majority of smartphone users skimming past your application’s description page with whatever description of the application the developer chooses to include. Sure, your application can be removed after the fact—if someone discovers that it is actually malicious and reports it. But, how many unsuspecting people are going to download it before it is identified as malicious and removed?
It seems that downloading any financial-based app on Android is about as safe as handing over your belongings to your friendly neighborhood wallet inspector. There are, sadly enough, no shortage of stories regarding malicious Android apps that steal valuable customer information and are only discovered after the damage has been done.
This past May, for example, Google removed an astonishing 21 malware-infected apps from the Android marketplace. The apps in question were not only capable of transmitting a user’s private data, but were also capable of downloading executable code from a remote server. Compounding matters is that the 21 apps in question, over a four day period, were cumulatively downloaded over 50,000 times with some estimates going as high as 200,000 downloads before Google ultimately removed them.
Compounding matters is that Android malware is becoming increasingly more sophisticated. What’s more, because many Android users aren’t running the most recent version of the Android OS, vulnerabilities that may have been patched in the most recent Android updates will likely still be present amongst the majority of Android toting customers.