Can you trust the “What’s New” section of any app store? Probably not.
For instance, Microsoft has as good as admitted its Windows Phone 7 app store contains a high percentage of junk and that the total number of apps is inflated.
Todd Brix, Senior Director, Mobile Services and Developer Product Management at Microsoft, wrote in a blog posting that “bulk publishing” developers have been submitting “hundreds of apps in a matter of a few days.” It’s extremely unlikely developers are able to create genuinely new apps in that time, and most are likely dupes of existing apps with minor modifications. The intention is to force competitors out of the all-important What’s New list, which is the starting point for many app purchasers.
In response to the bulk publishing attacks, Microsoft is removing the detritus and giving marketing advice to the companies concerned so they won’t need to cheat. A code of conduct is being drawn up and–more importantly–developers are being limited to releasing 20 apps per day.
McAfee’s recent threat report for the first quarter of 2011 (PDF link) lists Android as the second most popular platform for malware authors, trailing only the declining but still popular Symbian platform.
The signs are that app stores will become the dominant form of software distribution on all platforms, not just mobile. Apple intends to distribute the Lion update of its operating system via its Mac App Store, for example. History has shown that where Apple treads, virtually everybody else follows. For instance, Windows 8 will have its own app store upon release next year.
There’s an increasing number of third party app stores around too, offering choice beyond that of the official outlets offered by manufacturers. Security policies vary wildly.
But if app stores are to succeed, consumers need to be more confident they’re safe.
The issue is one of trust: Whether users trust the app store, and whether the app store trusts users to be able to take care of themselves.
Apple doesn’t trust anybody to make the right decisions, so polices its app store rigorously and locks down the iPhone/iPad hardware platforms so they’re off limits to anybody but Apple. In short, you can’t install any app unless the central Apple soviet approves of it.
Google expects users to use common sense. Each app installed by a user requests permissions for whatever aspect of hardware it requires, such as Internet access, or sound. However, malware like the recent DroidDream outbreak uses exploits to gain root access, and users soon learn to ignore such warnings anyway.
Both iOS and Android devices have in-built kill switches that lets Google or Apple instantly remove an app, but that’s little comfort if personal data has already been stolen.
Amazon appears to be providing an ideal middle ground with its new Android Appstore. Amazon tests each app before listing but has no intention to limit user choice, saying in its FAQ: “Our intent is not to be prescriptive in terms of what constitutes good app design. Amazon is a big believer in innovation in general, and we hope to feature many creative and innovative apps in the Appstore.” However, developers are required to stick to content guidelines, of which Amazon says “what we deem offensive is probably about what you would expect.” Well, that’s vague, to say the least.
The future might lie in app stores containing both approved apps, which have been tested and swept for security issues, and a Wild West of unapproved apps where users are aware they’re taking a chance but can find the choice they crave. Indeed, this could create a price-tiering system that app store managers could exploit, with approve apps sold at a premium.