Google recently had to deal with some malicious apps in the Android Market, the result of which was removing the apps from the store and having to use remote wipe capabilities in Android devices to delete the apps in the field. Google released an update explaining what happened. One debate this opens up (again) is the question of the curated app store vs. the almost-anything-goes app store. While this incident certainly doesn’t look good for a more open app store like Android Market, I’m not sure it’s necessarily fatal.
One thing needs to be clear: while an incident like this is less likely with a curated app store, it certainly isn’t impossible. A determined developer could get an app accepted on a store like the Apple iTunes App Store, which could have some malicious functionality buried within it, waiting for some circumstance to begin its nefarious job. It may be harder, but I don’t believe it is impossible.
That being said, an incident like this can give people a sense that a curated app store is better, in that it is perceived as being “more secure”. Personally, I don’t really care either way. There are merits and pitfalls to both kinds. Having to submit to Apple’s process for approval isn’t nearly as onerous as some think. Having a free-for-all market does increase the odds that a malicious app can get through, but as I said, I believe it is possible (although harder) to get one onto a curated app store as well.
However, this recent incident for Android is really one of those “stuff happens” kind of events, as far as I’m concerned. It is neither a condemnation of a more open store for buying mobile apps, nor is it overwhelming evidence of the superiority of a curated app store. Try as hard as we might, there is simply no way to stop bad things from happening. The best we can do is minimize the opportunities and mitigate the damage, and it appears Google has done as good a job as could be expected under the circumstances. I would hope that Apple doesn’t try to make a big deal out of this for their own gain, because that will simply give “bad people” incentive to get an app onto the iTunes App Store that contains malicious code. This incident is unfortunate, and it does make people more aware of the security issues that have so far been minimal on mobile devices. But I suspect it will also force all mobile OS manufacturers to focus more on security than they have in the past. Expect “device security” to become more of an issue, and more openly discussed in blogs, editorials and marketing, as these devices continue to proliferate.