Google is way too relaxed about malware

[machwh]

When you discover (as I have) that your app has been cracked, re-packaged, and put back up on Android Market with permissions that allow it access to phone information and full internet access, you'd think that Google would take down the 'developer's apps as a matter of course?

Instead, it seems they leave the apps there and only take each one down when (if) the developer notices and files a copyright infringement claim.

This 'developer':

https://market.android.com/developer?pub=BeeGoo

has other people's apps, repackaged, presumably with malware attached, yet I'm told by another author that Google refused to deal with any apps other than his -- so his has been removed but the rest are still there. And they've been downloaded thousands of times -- that's a whole lot of grief.

Google has yet to get back to me or remove my app (Super Photo Enhance is a repackaged Photo Enhance Pro) -- and if they decide against me then they say they won't get back at all, and as I've no idea what the lead time is I have no way of knowing whether they've yet to deal with my case, which is frustrating.

But my main point: it seems you can blatantly rip off other developers' code, and if you're caught Google pull that app, but leave you to trade the rest of your apps, even though they're clearly malware as well.

This isn't subtle -- look at the URL for the ripped-off version of photo enhance and you'll see it's called com.wheadon.super.photoenhance (Wheadon's my surname) -- and the same thing for the other apps -- their name documents their origins.

This is blatant and yet Google allows it to persist :-( Surely that's not prudent?

Mark (developer of Photo Enhance Pro)

 

[duc916]

Thanks for the heads up. Makes sense that Google would conveniently ignore any malware that might generate ad revenue for them. It's the only way they earn their money. The walled garden grows more appealing than the wild open jungle every day.

 

[trick202]

Don't knock the walled garden - it's a great guarantee of quality.

 

[Aatos.1]

Thanks for the heads up. Makes sense that Google would conveniently ignore any malware that might generate ad revenue for them. It's the only way they earn their money. The walled garden grows more appealing than the wild open jungle every day.

While I appreciate the OP's post, and do not disagree, I also understand both sides, as I've got years of experience in the field of computer science.

I agree that Google takes a different approach than Apple at the present, however they are listening and paying attention. I'm not on anyone's side but ours. So please don't think I'm advocating for Google, I'm simply sharing my take on this based on my knowledge.

Google has hung their hat on being open, so they can't just change their position quickly without taking a beating in the press. Also unlike Apple its an area that they don't have much experience in yet.

Working in a cross platform environment, I'm intimately aware of how Apple operates. I use an iPhone as well as Android. Apples no better than Google, it's a long story, so suffice to say that the walled garden in my personal opinion is far worse overall. Perhaps not in this specific topic, but overall they have the power to remove apps right off of your phone.

One major difference between these two giants is Apples secret nefarious activity.

To your point of Google ignoring malware if its generating ad revenue, I can say with confidence that's not the case. They already bring in billions, so even if it was hoards of Android apps, it's but a very tiny amount of revenue for them. They'd much rather have a good reputation and credibility, than that kind of money. They're just learning and a bit sloppy as they sort this out. There are many behind the scenes issues they're working on with much greater urgency than is apparent.

So the bottom line is, they want this resolved as bad as the developers do. Even moreso, since they need the developers more than Apple. The recent I/O conference went a long ways to bring them information from the developers.

As a neutral party speaking for myself, I believe we should continue to use Android, not expect a lack of issues since everyone has them, its how they handle them. By allowing Google a reasonable amount of time to works this out is prudent. Especially since the Dictatorial Apple is currently locking things down and censoring more than ever. A trend they're not easing up on.

Cheers

 

[trick202]

So you can also steal an App from the Apple App Store and rebrand it your own, then re-submit?????

 

[badankles]

i agree that something should be done about flagrant plagiarism of app and reselling the app as your own, malware or not.

 

[RiverOfIce]

Are you sure that it contains malware and/or virus?

Because you are making a tall claim that should be handled between you and google. File the copyright notice and move on, if you want to get into a blow by blow of who ripped who off using java code, you are in for a long and nasty fight that you can not really win.

Does his product contain malware or a virus, maybe, maybe not.

Did he rip off your code, maybe, maybe not.

Are you bitter and want to rage at this guy, yes.

I would calm down before you get a letter in the mail asking you to put up or shut up in court.

 

[Stuntman]

I looked at the reviews of that developer and they all indicate that the apps are malware. It seems that users are able to get the word out about bad apps.

 

[machwh]

Are you sure that it contains malware and/or virus?

Does his product contain malware or a virus, maybe, maybe not.

Did he rip off your code, maybe, maybe not.

Speaking for myself and the "Super Photo Enhance" copy of Photo Enhance Pro. No, I'm not sure it contains malware, but the all-too-open permissions would indicate that. And yes, I'm sure it was my code. The app was the same including all the menus etc, the description was a copy of my description (an old copy), and even the app was com.wheadon.superphotoenhance (I'm Mark Wheadon).

Google took down the app (so they agreed with me), but left all the others there -- they have similar full names which point to the original apps, and descriptions which are cut-and-paste jobs from the original. They're clearly rip-offs, and most of them are still there, and the 'developer' can still trade on Market.

Mark

 

[dylo22]

Looks like you're right about your app being repackage with malicious software. Google just removed two dozens of them from the market. Apparently it's a variant of the droid dream exploit.

Malicious apps removed from Android Market | InSecurity Complex - CNET News

 

[machwh]

Looks like you're right about your app being repackage with malicious software. Google just removed two dozens of them from the market. Apparently it's a variant of the droid dream exploit.

Malicious apps removed from Android Market | InSecurity Complex - CNET News

What worries me is that Google should have known for a while about this, but they only reacted when it finally got global coverage (it's been in multiple blogs today).

They have a steady stream of authors coming to them to file a copyright claim, but it seems there's no path from that to them pulling all of 'developer' of malware's apps -- they respond to bad publicity, but until then they deal with each claim in turn, not joining the dots. My app's case is a good example -- anyone looking at BeeBoo's apps could see clearly where they originally came from (it wasn't subtle), yet even in a case as unsubtle as that they weren't prepared to act until each copyright holder in turn got in touch with them.

I'm writing this in the (unlikely) hope that someone from Google will read it an act to change things. It's unlikely, but there's no way I know of of talking to them more directly.

Mark

 

[BiggestManEver]

Don't knock the walled garden - it's a great guarantee of quality.

Yeah, because a $2 app "Shining Force Walkthrough" is really great quality.

Please. Half the apps in the iOS store are pathetic money grabs. I can look up video game walkthroughs on Google in 2 seconds. Yet they know their users are stupid, and will pay $2 for a copy-pasted version of the site, into an "app" icon.

Stupid, stupid, stupid.