undefined | Better HN

0 pointsjacquesm15y ago0 comments

So, Google has a responsibility to check each and every app for malicious intent by the uploader?

I really think that goes one step too far, that's exactly what apple does with their market place and I think that is a big part of the problem.

The ultimate responsibility of what you run on your computers lies with you, not with some entity providing you with a convenient way to get at a catalogue of stuff.

This application seems to be malicious, and it seems that the security model is not broken, after all it asks for the permissions very explicitly.

Now if only people would read those warnings and think for a bit before clicking 'ok'.

This is analogous to people receiving an email that instructs them to open a malware attachment.

It's simple, if you haven't inspected the source and it doesn't come from a source that has inspected the code and that gives you a guarantee that you can trust the stuff you download then you can not trust it.

Pushing the responsibility to Google is utterly unfair, they could never in a lifetime review the source code of every application that every android app developer throws out there.

0 comments

10 comments · 3 top-level

jsz015y ago· 4 in thread

The tricky part for Google is they have pulled apps in the past so they're not entirely absolving themselves of responsibility for the Market.

jacquesmOP15y ago

As I'm sure they'll pull these when the right people at google are alerted to the problem.

But there will be more instances of this and I think that there simply ought to be a strict procedure to report malware so it can be responded to quickly rather than to lay the blame with google.

Then if such a procedure is in place and if google would consistently refuse to pull clearly identified malware you'd get in to a situation where you could lay some blame.

As it is I find it premature to do this, the Android application market is still developing as are the procedures to deal with applications that behave in 'unexpected' ways, the first competent user that installed this stuff should have had a way to provide feedback about the perceived security risks.

nailer15y ago

Having anything submitted to the 'Themes' category not include the permission to view your call history is automatable.

> I'm sure they'll pull these when the right people at google are alerted to the problem.

I've ported about 15 different apps to Google which were blatant cases of IP theft, and one of search results gaming. They're all still there, with zero response. They might be better with handling malware but I doubt it.

2 more replies

thwarted15y ago

Tall people are not responsible for the things that are placed on high shelves just because they can reach them, but it is nice of them to help shorter people manipulate those things.

ZeroGravitas15y ago

They pull videos from Youtube too but you can't sue them for copyright violation when your TV show appears on there.

masklinn15y ago· 2 in thread

> So, Google has a responsibility to check each and every app for malicious intent by the uploader?

Yes, that's very much the point of an official, curated application store. Especially when you can sideload applications or use third-party store, the official first-party store being loose and un-trustable makes it not very useful.

> The ultimate responsibility of what you run on your computers lies with you

Most users have absolutely no sense of IT responsibility, and barely even understand how the thing is supposed to work.

> Pushing the responsibility to Google is utterly unfair

Not really. It's their store, branded by themselves. To regular users, they're the trusted authority/overseer.

jacquesmOP15y ago

I thought the main point was to provide a centralised repository, not to have a 'stamp of approval' and a guarantee of being 'malware free'.

For the life of me I can't see how google could begin to put a dent in evaluating each and every application at that level.

Do they refuse applications according to some publicised rule set ?

Each and every one of the closed source downloads that has ever been done from download.com could turn out to be malware tomorrow morning, I find it hard to believe we should hold download.com as the place where we 'got it' responsible for stuff like that.

In the end, you should trust the creator of the software, emphatically not the place where you downloaded the code. Whether it's a big site maintained by a big name or a smaller one, if it isn't open source you basically can't trust it.

nailer15y ago

> Do they refuse applications according to some publicised rule set ?

Yes. The Android Market Developer Distribution Agreement, here: http://www.android.com/us/developer-distribution-agreement.h.... Section 4.3 in particular.

tvon15y ago· 1 in thread

> So, Google has a responsibility to check each and every app for malicious intent by the uploader?

(...)

> The ultimate responsibility of what you run on your computers lies with you, (...)

This touches on something that has been nipping at my brain lately. There seems to be a widespread assumption among many developers that end users need to be more educated about technology, that it is not the developers who need to make these things simpler to use, but end users who need to understand the underlying system better. In other words, that the general public needs to catch up to technology instead of technology being more usable for the general public.

I think that is very wrong headed.

> Now if only people would read those warnings and think for a bit before clicking 'ok'.

Well, it only tells you it wants to read your address book, not that it wants to read your address book so it can spam all your friends (as an example). Joe Somebody wouldn't be stupid to allow a wallpaper app to read his address book if he was under the assumption that the app would just use that data to let him email nice wallpapers to friends.

> This is analogous to people receiving an email that instructs them to open a malware attachment.

Only if every app the user installs requires following email instructions and opening an attachment, and that's the point. There is little to discern the malicious permissions from the beneficial ones unless you are intimate with how the app is supposed to work. This is why a higher, more knowledgeable authority should at least give apps some level of review.

jacquesmOP15y ago

That's the high road to trusted computing, but that doesn't mean the destination is any better. Think the 'ministry of automation' giving you a license to develop or something like that.

j / k navigate · click thread line to collapse

0 comments

10 comments · 3 top-level

jsz015y ago· 4 in thread

The tricky part for Google is they have pulled apps in the past so they're not entirely absolving themselves of responsibility for the Market.

jacquesmOP15y ago

As I'm sure they'll pull these when the right people at google are alerted to the problem.

But there will be more instances of this and I think that there simply ought to be a strict procedure to report malware so it can be responded to quickly rather than to lay the blame with google.

Then if such a procedure is in place and if google would consistently refuse to pull clearly identified malware you'd get in to a situation where you could lay some blame.

nailer15y ago

Having anything submitted to the 'Themes' category not include the permission to view your call history is automatable.

> I'm sure they'll pull these when the right people at google are alerted to the problem.

2 more replies

thwarted15y ago

Tall people are not responsible for the things that are placed on high shelves just because they can reach them, but it is nice of them to help shorter people manipulate those things.

ZeroGravitas15y ago

They pull videos from Youtube too but you can't sue them for copyright violation when your TV show appears on there.

masklinn15y ago· 2 in thread

> So, Google has a responsibility to check each and every app for malicious intent by the uploader?

> The ultimate responsibility of what you run on your computers lies with you

Most users have absolutely no sense of IT responsibility, and barely even understand how the thing is supposed to work.

> Pushing the responsibility to Google is utterly unfair

Not really. It's their store, branded by themselves. To regular users, they're the trusted authority/overseer.

jacquesmOP15y ago

I thought the main point was to provide a centralised repository, not to have a 'stamp of approval' and a guarantee of being 'malware free'.

For the life of me I can't see how google could begin to put a dent in evaluating each and every application at that level.

Do they refuse applications according to some publicised rule set ?

nailer15y ago

> Do they refuse applications according to some publicised rule set ?

Yes. The Android Market Developer Distribution Agreement, here: http://www.android.com/us/developer-distribution-agreement.h.... Section 4.3 in particular.

tvon15y ago· 1 in thread

> So, Google has a responsibility to check each and every app for malicious intent by the uploader?

(...)

> The ultimate responsibility of what you run on your computers lies with you, (...)

I think that is very wrong headed.

> Now if only people would read those warnings and think for a bit before clicking 'ok'.

> This is analogous to people receiving an email that instructs them to open a malware attachment.

jacquesmOP15y ago

That's the high road to trusted computing, but that doesn't mean the destination is any better. Think the 'ministry of automation' giving you a license to develop or something like that.

j / k navigate · click thread line to collapse