The Android marketplace has few restrictions for uploading. Google is implementing Bouncer to try and get rid of malicious apps.
Historically, the Android marketplace has been a much more accepting and open store for app developers than the Apple store. The consequences of that much openness? Spam and malware. Up until now, Google has taken a hands-off approach to the content in their store but now, in the light of growing numbers of malware and spam apps, Google is going to take back the Android marketplace.
Last week, Google announced the store’s latest service that will auto-scan all uploaded apps in the Android marketplace. Fittingly, the project’s codename is Bouncer. Even with this extra security measure, there still is not pre-approval process in the store, which will hopefully keep developers happy. Specifically, Bouncer is scanning for malware, trojans, spyware and any other actions that make the app appear to be dangerous for users. One way it accomplishes this is by comparing the uploaded app to other apps that have already gotten a clean bill of health from the scanner.
Although this new security feature was not announced until last week, it has actually been in operation for the past few months. If the scanner finds an app that raises any red flags, an Android team member removes the app from the store and bans the developer from uploading anything else. To prevent any banned developers from trying to dupe the system and try to create a new account, Android team members actively monitor new marketplace developer signups.
Additionally, to make sure developers don’t upload a clean app then edit it later to be malicious, Bouncer doesn’t just scan apps when they’re uploaded – it scans existing apps periodically too.
Google’s Android app store is designed to be as un-Apple as possible. To get an app into the Apple store, developers have to wait while their apps are screened and reviewed. Apps can be denied admittance into the store for malware, illegal content, or even if an app is just a poorly designed piece of software. There have been many complaints that acceptance into the Apple app store is severely subjective, to the annoyance of perplexed developers who aren’t exactly sure why their apps have been denied.
The biggest complaint from most Apple developers is the time it takes while waiting for this whole process to finish. From upload to actually seeing an app in the Apple store can take anywhere from days to weeks.
Google has no reviewers of apps that get uploaded (except for Bouncer), no wait time to get an app in the store, and an “anything goes” content policy (unless it’s in violation of the Android developer distribution agreement). Even the framework the app store runs on is open source. For Google, accessibility is the name of the game.
There is a monetary downside to Google’s free and easy marketplace strategy. Lookout is a mobile security company that examined the Android app store and surmised that in 2011, over $1 million had been stolen from unaware Android users via malicious apps.
Of course there’s an asterisk near almost all shocking statistics. A McAfee mobile security analyst told Wired that because Android phones are so open themselves, it’s easy for users to get apps from third-party markets. Because of that, most of the malware found in 2011 (contributing to that $1 million stat) came from third-party markets, completely unassociated with the Android market. In the end, a user’s best line of defense is to stick to official app markets (like Android’s) and read user reviews.
App development is a huge market right now. A few months ago we wrote a blog post about a piece of software (App Cooker) that helps fledgling developers get going in an app market. Read it to learn more about making apps and how to host an app, stress free, with NetHosting.