Marketplace Value Add For Devs and Customers

There was a story which surfaced yesterday about vulnerabilities exposed in a wide swath of Android apps.  SMobile Systems conducted research in the Android app space and found that some 20% of the apps allow third-party apps to gain access to sensitive or private information.

It would be easy to dismiss this article by pointing out that by simply downloading an app, a customer is making an explicit allowance to an app to access data on the phone.  What I found troubling about the findings wasn’t necessarily the point about access to the data, but rather that 5% of the apps surveyed could make calls and 2% could send premium SMS messages.  Talk about a surprise cell phone bill.

The key word in the above statements, however, is “could.”  Yes, customers make the decision to download those apps, but they have no way of knowing with certainty what those apps are doing behind the scenes.  UPDATE: Ben points out below that the customer is warned of all the APIs used, which is true, but they aren’t told *how* they are used.

Further, because of the multi-tasking architecture of Android, the apps have the potential to be doing a bunch of bad things in the background when the phone is not in use.

Google has been quick to point out that the architecture of Android would limit what actual damage one of these apps could do, but that’s really not the point.  What is being lost in this discussion is that there is no curation of the Android marketplace.  For all the grumbling and grousing about the Apple AppStore, their review process would likely catch these abuses.  There is no such level of certification for the Android marketplace.  Customers don’t want to think about needing anti-spyware software for their phone, as the article implies is one solution for Android.

The Windows Phone Marketplace certainly believes in the curation model, and we have placed user security as a top priority.  This is one of the main reasons that we have our app certification process, and why (UPDATE: “at least in version 1”) apps are run in sandboxes, with no access to any data other than its own isolated storage, or the ability to communicate with other apps.  UPDATE: The goal is to ensure the absolute best customer experience when using their phone.

UPDATE 6/25/10

I’m not one who believes in conspiracy theories or anything, but I do find the timing of this announcement from Google that they can remotely wipe apps from phones a bit curious.  I have to go do some digging, but I’d be interested to know if the Android developer agreement has specificity about what would constitute grounds for a remote wipe.

  • I take your point here, but this blog post might be a somewhat annoying reference if/when WP7 changes some of these policies in the future. Allowing an app “…no access to any data other than its own isolated storage, or the ability to communicate with other apps.” is a strange thing to use as a selling point. If Windows worked that way, the PC likely wouldn't have made it very far.

    Btw, the Android marketplace *does* warn you of all the apis utilized by the app you're installing. I'm not saying everyone reads it, but I feel your comment saying customers “…have no way of knowing with certainty what those apps are doing behind the scenes” is somewhat misleading. They DO know, for instance, whether an app can make calls.

    I'm really looking forward to WP7. I'm developing apps for it. But some of the exact limitations/features you mentioned here are actually going to prevent me from using the first version as my primary phone. I really hope I can someday.

  • Parag

    This is exactly the reason why iPhone has been successful. If you rely on users to use Task manager and free up memory you fail! (EVO fans, I am sorry, but Android sucks!)

    I think Multi-tasking has to be there, but it should not be freely available to 3rd party apps.

  • Shalan007

    I have written a little app for Android too and I need to use some “advanced” apis where I had to declare some usage of external network services and the SD card.
    Only ONE user has asked why I need to use the network connection. That's strange because thousands of users installed the app…
    So a new approach of getting the user some info what exactly the app is trying to do would be good. But I doubt that it's enough to just put a popup during install to it. And letting the app show a popup every time it tries to access a (restricted) resource would be very bad too…

    The review process might help a bit to find the black sheep. But there is no way of telling if the reviewer has found every possible threat. Keep in mind that there is only about $20/app review (estimated by me) – so a review could only take maybe 20min… You can automate a lot because .Net gives some abilities to that.
    Some freedom to do sophisticated apps is needed. Ok, there should be some restriction on how to access possibly expense generation resources. So sending an SMS or calling should be controllable through the user. But I would like to see some API on controlling phone calling features (like TAPI or CSTA). That would enable a lot of nice apps.
    Try to limit the annoying popups asking the user. That has led to the failing of Vista 🙂
    There is no free lunch 😉

  • Shalan007

    Never heard about a wipe function for apps for Android. But it's a good thing in my opinion to get a bit of security into the system – but that has a bit of a bad taste too…
    All depends on how wisely you would use such a feature.
    I would like to have some control as a customer what's happening on and with my paid devices. If I don't want that something is interfering I like to have the choice.
    After all – just send an email out to the accounts and ask for permission to wipe that risky app or even the phone (I would like to have such a function in WP7 too to make a lost phone unusable).

  • Freedom loving developer

    So, we can't write apps that can read the GPS or make web service calls or communicate outside the device at all? We can't make IM clients or e-mail clients or video chat clients or take pictures or use the camera or the voice recorder or access the contacts list for contact related activities? I don't understand. What use is the phone to a developer if all we can do is draw on the screen?

    If we /can/ do more than that, then either the phone allows us without warning the user (bad security model), or it warns the user and gets their permission (like Android does).

    BTW, before you download an Android app, the phone lists exactly what secure features an app is coded for (access the internet, read contact info, read/write to SD card, send SMS, etc…). I examine that on each download and if it's attempting to do something that doesn't make sense for its design (like a game being able to make phone calls), then I don't download it.

    You didn't mention the user review process either. Each app has user reviews with a 1-5 star rating along with comments. Though, early adopters of a program (before reviews exist) are the guinea pigs, most users have the benefit of the comments. You can also report a suspected malicious program too.

    It all comes down to features vs. security. The more features you allow for apps, the less secure you are. It's always a trade off.

    We definitely need, at the very least, a toggle switch (even if buried deep inside system settings) to let those of us who are intelligent enough to disable the restriction of a single market place. I need to develop apps for my family and for local community groups and local businesses… apps that have no business being available for the general public AND some of these are none of Microsoft's business because of the intellectual property of the contents of the apps and privacy matters too.

  • I recently switched from iPhone to Droid2 and I keep thinking about this article every time I try to download an app. The permission slip is meaningless to me. I have no idea what the app is doing with that information and why it even needs it. At the very least the app should explain why it needs to use each of those functions. So frustrating to install something without some trusted source first reviewing the code.

    Curating the apps without censoring would be the perfect model. Let me download whatever I want, just make sure the app is only doing what it's advertising.
