Sophos Cloud Optix
How much trust do you put in Apple’s stewardship of the App Store – the online marketplace where you can download apps for your iPhone or iPad?
Chances are that you don’t think twice about installing software from the App Store – after all, all the software up there has been verified by “Apple”, right?
Well, just because Apple has put in procedures to police their App Store, and – unlike the Google Android platform – pre-approve each app, doesn’t mean that fake or malicious apps have never appeared.
This weekend the iPhoneography blog spotted a bogus app posing as the popular Camera+ application.
Fortunately, iPhoneography’s Glyn Evans realised something fishy was afoot and contacted Tap Tap Tap, the real makers of Camera+, and asked them to confirm whether the app – which claimed to be “THE MOST AMAZING CAMERA+ VERSION YET” – was legitimate or not.
Oh, Apple and your all too often disappointing approval process. Thanks to Glyn Evans for noticing this Camera+ fake: http://t.co/lG5A1eJK
— tap tap tap (@taptaptap) January 21, 2012
We haven’t been able to get our hands on a copy of the bogus app, so we cannot confirm if it contained any malicious functionality. It is possible that the popular app’s name was being taken in vain, simply in order to try to earn some money from online purchases.
The good news is that, once notified, Apple quickly withdrew the bogus software from its App Store.
But questions still remain as to what went wrong with Apple’s approval process.
Why didn’t they notice that someone was uploading a false version of such a well-known app?
After all, Camera+ is currently the 14th best-selling app in the App Store – Apple should surely recognise if someone other than Tap Tap Tap tries to submit it to the store?
As always, be careful what applications you install on your computing devices – even if they come from the Apple App Store. It’s not just fake software you have to watch out for, malicious code has made it into the App Store in the past.
Was not aware that Google Android platform does not have procedures to pre-approve each app and police their Market. Shame on Google!
On the other hand, if you know there is no pre-approval you know you need to make sure yourself that apps come from trustworthy sources.
It's a two-edge sword. Apple gets to say no to social apps that they don't like. They've rejected apps from naturist organizations, sex education sources, etc. They bow to the uneducated idiots of the religious right.
Google does not set itself up as a censor, they also don't take a large cut of the price. Open access is far better than censorship. But, yes, there is a price to pay. Users have to be better educated and use malware protection. (Though recently, the malware makers are getting pretty skilled at targeting Apple products.)
"Google does not set itself up as a censor, they also don't take a large cut of the price."
Well, that's only kind of true.
Google DOES remove apps from the Marketplace if the carriers tell them to. For example, Google has banned some tethering apps from the Marketplace at the request of the cell phone companies. Section 7 of the Google Developer's Agreement specifies that Google may remove any app found to be in violation of any policy by any of the cell phone carriers or device makers.Google has also removed video game emulators and banned their developers from the Marketplace.
Google does not take a cut of the apps on the Marketplace. But the cell phone carriers do. Their cut is exactly the same as Apple's: 30%. If you are an Apple iOS developer, when you sell an app you get 70% and Apple gets 30%. If you are an Android developer, when you sell an app in the Google Marketplace you get 70% and the cell phone carriers get 30% divided up among them.
It's all well and good to warn people to be careful, but how exactly does one determine they've downloaded a 'fake' version of any application? What happens when they do, are they simply out money they spent on it? I've purchased software called Better Keyboard from the Android Marketplace which was later pulled over a violation on the developer's other applications and left with no way to access it again without repurchasing it elsewhere. The developer refused to honor my Marketplace purchase when asked where to download it in the future if need be. This application can be found on Amazon.com and one other domain only if I pay twice for it! Good thing I just happened to back it up with another program I also purchased from the Android marketplace eh? So what exactly is Amazon.com doing to protect us from these sketchy developers? I notice there are several similar complaints such as mine about this person's business practices, yet the application remains for sale with them.
This is yet another problem I see more of coming in the future of phone application customers.
Well, after Apple threw a temper tantrum and attacked a security researcher for pointing out a flaw in the app approval process what you expect? Apple security like any security is not perfect. Add to that the fact that they have shown a willingness to attack those that want to help and what you get is people exploiting the holes instead.
Someone on the Inside? I bet it was that.
Pros and cons. Google do not approve apps, but Apple reject apps for business reasons. I think that at one point Google wanted a Chrome browser available and they shut it down as Safari should be the only browser available? I've since seen other browsers out there, maybe Google should resubmit!
I would rather Everybody vetted their apps available myself. If there was a vetting aplication process involved in the Google Android Market process then the dodgy ones would decrease, meaning that they wouldnt be overwhelmed (which is proib the answer they would give now for not having a moderator)
Actually there is a protection for Android users. Research the reviews for any product before installing it. And not just one review. It isn't perfect but there is no perfect.
You have two choices in life: Be completely safe by spending all your life in protective mode. Or take some well-considered chances, but have a fuller life.
Is there any security software available for iOS? I know one can run anti-malware software on android (although I don’t know how effective it is).
If Google doesn't want to set up their own department to vet apps… there should be some form of developer community vetting process, similar to that seen on Xbox Live Indie Games. To get your game publicly downloadable on XBLIG, the game developer community must give a specific number confirmations that it's bug free and provides ESRB-esque ratings (for sex/language/violence/etc) which gets posted with the game listing.
Apple’s App Store: One bad app out of over half a million apps. Better not go outside, you might get struck by lightning.