Unlike proactive Apple, reactive Google doesn’t block malware from Android app store

invisibleSHIELD case for iPad“As smartphones and the applications that run on them take off, businesses and consumers are beginning to confront a budding dark side of the wireless Web,” Spencer E. Ante reports for The Wall Street Journal (“Dark Side Arises for Phone Apps”). “Online stores run by Apple Inc., Google Inc. and others now offer more than 250,000 applications such as games and financial tools. The apps have been a key selling point for devices like Apple’s iPhone. But concerns are growing among security researchers and government officials that efforts to keep out malicious software aren’t keeping up with the apps craze.”

MacDailyNews Take: See how Spence did that? He first made Google’s Android look like an equal of Apple’s when, in fact, 210,161 of those “more than 250,000 applications” he cites happen to reside in Apple’s App Store. Then he makes it seem as if malware as big a concern for Apple’s iPhone as for Google’s Android when nothing could be further from the truth. We fixed the Journal’s headline, too. Ours conveys the real story much more clearly.

Ante continues, burying the lede several paragraphs into his piece, “Unlike Apple or BlackBerry maker Research In Motion Ltd., Google doesn’t have employees dedicated to vetting applications submitted to its Android store. Google said it removes apps that violate its policies, but largely relies on users to alert it to bad software. ‘We check reactively,’ said a Google spokesman.”

MacDailyNews Take: Ante then reports that the FBI and U.S. Air Force have barred employees from downloading apps, but specifically mentions RIM BlackBerry in conjunction with the Air Force, not iPhone, while failing to explain what type of phone the FBI uses (must be classified). Even if the FBU uses iPhones, barring employees from downloading apps doesn’t necessarily mean that malware is a concern; perhaps they simply don’t want them whiling away the day with Super Monkey Ball. Again, the most important thing in his report is something Spencer seems to want to obfuscate. We won’t oblige and therefore repeat Ante’s words, “Unlike Apple or BlackBerry maker Research In Motion Ltd., Google doesn’t have employees dedicated to vetting applications submitted to its Android store. Google said it removes apps that violate its policies, but largely relies on users to alert it to bad software. ‘We check reactively,’ said a Google spokesman.”

Ante continues, “‘We all see this tipping point coming,’ said Peter Tippett, who oversees an investigative-response team that studies computer crime at Verizon Business, a unit of Verizon Communications Inc. that serves corporations. ‘There is a lot of activity to figure out how to make it less likely that a financial transaction would be exploited’ on a mobile phone, he said.”

MacDailyNews Take: So, Tippett sees a tipping point. Cute onomatopoeia aside, Verizon offers BlackBerry and Android devices, not Apple’s iPhone.

Ante continues, “Some security experts believe Google’s Android Market is more vulnerable than other app stores since Google doesn’t examine all apps before they are available for users to download.”

MacDailyNews Take: Kudos to Spence for throwing that line in; however, when you read his whole piece, the general takeaway is that it’s an attempt to tar all smartphones with the same brush. We encourage you to read his full article and see if you agree.

Ante continues, “A Google spokesman said the company has put in place security measures, such as remotely disabling apps found to be malicious and requiring developers to register with its Checkout payment service, and argued there’s no evidence for claims that its store poses a greater risk than others.”

MacDailyNews Take: Oh, really? Malware designed to steal bank information pops up in Google’s Android app store, January 11, 2010. A bit of research from Spence would have been welcome in that spot, don’t you think?

Ante continues, “Apple vets applications before they appear in its App Store, but risks still exist. In July 2008, Apple pulled a popular game called Aurora Feint from its store after it was discovered to be uploading users’ contact lists to the game maker’s servers. More recently, it yanked hundreds of apps it said violated its policies, some out of security concerns.”

MacDailyNews Take: July 2008. And it wasn’t stealing bank information, either. The hundreds of apps Apple removed recently were due to objectionable content (nudity, etc.) not “security concerns.” Plese see: Apple removes porn and sex apps from iTunes App Store, February 19, 2010.

Ante continues, “‘Consumers should be aware that iPhone security is far from perfect and that a piece of software downloaded from the App Store may still be harmful,’ wrote software engineer Nicolas Seriot in a research paper detailing iPhone security holes that he presented at a computer security conference in February.”

MacDailyNews Take: That’s fine and dandy, but why does he limit it to iPhone? It’s curious. Again, this “report” seems to try really, really hard to equate all smartphones’ security concerns, when they most certainly are not equal. As Spence himself reported earlier, “Unlike Apple or BlackBerry maker Research In Motion Ltd., Google doesn’t have employees dedicated to vetting applications submitted to its Android store. Google said it removes apps that violate its policies, but largely relies on users to alert it to bad software. ‘We check reactively,’ said a Google spokesman.”

Ante continues, “Apple’s iPhone itself isn’t immune to mobile threats, either. Since 2008, security experts have identified at least 36 security holes in the phone’s software, according to a review of the National Vulnerability Database maintained by the Department of Homeland Security. One, identified in September 2009, could have allowed hackers to learn someone’s username and password from messages sent to servers when browsing the Web.”

MacDailyNews Take: That’s okay, Spence, we’ll finish your report for you: That September 2009 issue has since been corrected and unlike most Google Android users, Apple iPhone users can update their devices quickly and easily to the latest OS with the latest security fixes. Please see: Android users unlikely (and often unable) to upgrade their operating systems, May 03, 2010. You’re welcome, Spence.

Ante continues, “Some victims are now more cautious. Sara Dellabella, a car saleswoman in Cuba City, Wisc., said she doesn’t download as many apps on her Motorola Inc. Droid phone, which uses Google’s Android software, after a malicious game her son downloaded from the Android Market wiped out all of her text messages and personal notes. ‘It just rips your heart out,’ she said. ‘I am being more vigilant now.'”

MacDailyNews Take: You’d better be more vigilant, Sara. After all, “Unlike Apple or BlackBerry maker Research In Motion Ltd., Google doesn’t have employees dedicated to vetting applications submitted to its Android store. Google said it removes apps that violate its policies, but largely relies on users to alert it to bad software. ‘We check reactively,’ said a Google spokesman.”

Full article here.

MacDailyNews Take: Yellow journalism, just amateurish reporting, and/or something else? Please read the full article and let us know what you think. Also, while you’re at it, let The Wall Street Journal know, too:

36 Comments

  1. Despite attempts like this, and similar attempts on the Mac/PC front, the truth will win out in the end.

    The only thing missing is accountability for reporters who deliberately bend the truth to sell the story they want to tell.

  2. MDN: Yellow journalism, just amateurish reporting, and/or something else?

    The ‘Careless Caveat’ applies: Never attribute to malice that which can be explained by mere incompetence.

  3. Breaking News: ” In a recent study, researchers have found that the WSJ has no editorial staff”. Researcher jax44 says “Well, I suppose I am correct, besides the Times pays me”.

  4. After reading the article, I now know Apple’s approach to the app store is definitely right. Soon Google will have to adapt a similar approach.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.