Why You Should NEVER Get Your Apps From Google Play
If You Don’t Want Malware or Fakeware, Stay Away From Google Play
My son’s ‘feature phone’ died this week, and when I looked at replacements the best value for the money turned out to be an Android smartphone: the LG Optimus Zone 2. The sales clerk was quick to add the Google Play icon to the home screen and was about to launch into a spiel about how to get apps from Google Play when I (politely) interrupted with, “We NEVER use Google Play, we only use the Amazon App Store because Amazon does a better job of vetting app developers and apps.”
The clerk smiled and gave me one of those dismissive nods that seems to say, “Oh, you poor woman. So not hip to the ways of technology.” Little does he know. But in fairness, this type of remark from me almost always gets some pushback from doubters, so today I’m busting out some links to prove my point.
Exhibits A – F
In February of this year, PCWorld reported “Malware-infected Android apps spike in the Google Play store”.
The same month, Infoworld reported a four-fold increase in Google Play Store apps carrying malware between 2011 and 2013. MacDaily News concurred in its own post, Malicious Android apps spike nearly 400 percent in Google Play store.
A little over a month later, in April, Google Play seemed to be trying to address the problem, as reported in a Time piece entitled Android Gets a Malware Scanner for Google Play Store Apps.
But the very next month, May, TechRepublic reported on the still rampant problem of malware in the Google Play store in a piece entitled Malware in the Google Play Store: Enemy inside the gates.
One month later, in June of this year, International Business Times ran Malware Posing as Official Google Play App Found in….Official Google Play Store. This one is particularly embarrassing for Google Play, since the malware app was called “Google Play Stoy” and masqueraded as the official Google Play Store app.
Not Only Is Google Play NOT Keeping Malware Out, Google Play Is Making It Easier For Malware To Get In
On June 18th of this year tech security firm Trend Micro reported in its TrendLabs blog:
“Unfortunately, however, it turns out that Google has changed the permissions model of Android in a very fundamental way, significantly reducing its visibility and usability to users. It leaves much more room for malicious app developers to update their apps to add potentially risky permissions to their apps.”
“How was this done? Developers in various Android discussion forums found that the update to the Play Store – rolled out in mid-May – had also changed how permissions and app updates were handled, and not in a good way.”
“Previously, if an update to an app meant that it required new permissions, the user would have to explicitly review the permissions and approve it, as if a new app was being installed. That is no longer the case. Now, if the requested permission(s) are in the same group as one the user has granted access to, this explicit approval is no longer necessary. If app auto-updates is turned on, the app can update in the background without the user being aware of the changed permissions.”
Do Yourself A Favor: Get Your Apps From Amazon
If you do a Google search on “Amazon app store malware”, the only recent entry you’ll find is for a TechRepublic report on an Android operating system vulnerability that allows for the same type of app permissions override as described above in the TrendLabs excerpt. But in this case, it wasn’t a change on Amazon’s part that opened the door to malware: the app permissions override capability TechRepublic reports is only triggered by an Android operating system update on your device: something totally outside ANY app vendor’s control or even knowledge.
While the piece reports that a test app with this type of malware in it was approved for listing and sale in all the major Android app stores, including Amazon’s, (and was immediately removed from all outlets by testers afterward) it’s important to note that this “time bomb” malware, tied to a device system update, is a type of hack that’s never been used before. It will take time for app vendors to come up with reliable countermeasures.
So yes, ANY app, obtained from ANY vendor, has the potential to carry malware. It’s a neverending, ever-escalating arms race between hackers and tech security professionals that will never go away. But unless you want to live totally off the grid, taking reasonable precautions is about all you can do to avoid malware.
One of those precautions is to limit your app purchases and downloads to trusted vendors who haven’t been repeatedly found to host malware and fake apps, and who do seem highly invested in keeping malware out of their store. As of this writing, the only Android app vendor that fits this description is the Amazon App Store.
Finally, Regarding Claims That Apps On Amazon DO Have Malware…
The people making these claims don’t know what they’re talking about, or else they’re misusing the term “malware” to apply to everything from In App Purchases to statistics-gathering. See my post, Ignore App Reviews That…, to get the full scoop.
* * *
I really love my Kindle Fire HDX, but some folks don’t want or need all the bells and whistles. They don’t need a device that can run apps or play videos, they just want to READ. For them, the Kindle Paperwhite is just the ticket. It offers all the same great e-reader functionality as you’d find in a Fire tablet, such as WiFi connectivity, the ability to enlarge or change the font, re-orient the screen from portrait to landscape and so on, but all that functionality comes in an elegant package that’s designed to do just one thing: make reading ebooks a pleasure.