Symantec: Google Play Home to Hundreds of Scam Apps

July 30, 2013
By: Steve Anderson

Security vendor Symantec has been focusing its attention on the Google Play store recently, and what the firm found was rather disturbing: the Google Play store was laden with scams and applications of questionable content, and though Google is being vigilant in keeping such apps away from buyers, there are simply so many that some are slipping through the tiny cracks in Google's undoubtedly robust defenses.

Symantec had been monitoring the Google Play store for the last seven months, and in that time it found over 1,200 different suspicious applications. Google, to its credit, removes many of these shortly after they are published, but some can remain for as long as several days, according to reports.

What was particularly unusual, according to Symantec's Joji Hamada, was that despite the comparatively short life of such apps, there's little sign that their numbers are dropping. More specifically, Hamada wrote, “Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones.”


Though it's difficult to spot a scam app, particularly since multiple tactics are used to attempt to get something out of users, the stakes are almost disturbingly high.

One such scam app tried to make users subscribe to an adult website at a rate of $3,200 per year, and all the app actually did was launch a link to that website. Once the website is launched, the site asks users to register. When the registration is completed, an e-mail form is sent that contains a link to another website. The user then inputs a password, and the phone is given a number to call, which at the other end supplies a password along with registration details. A $3,200 registration fee is then noted, payable within three days.

But perhaps worst of all? According to Hamada, over 100 applications like that have hit Google Play since the beginning of the month.

How to stop such apps? That may be the real sticking point, Hamada explains, as there are so many manual steps required in the process that automated checking methods really don't do much good. At that point, only human analysis can really pinpoint the biggest problems, and that's a process that takes a lot of time, effort, and resources. Even Google Play's basic setup, with a keyword-based search engine, allows some of these apps to work their way into the top keyword searches.

It's a difficult problem to work with. While Google Play generally catches many such issues before those apps can even hit the sales floor, catching all of them is a huge problem. Every one that gets through is making huge problems for the user base, and every user who has a problem with an app is a whole lot less likely to buy apps in the future. Yet, if Google Play were to manually check every app, the delay from submission to release would be huge. A lengthy amount of time without new apps would make the app store less valuable to some users, who might well leave for Apple or the like.

Just what Google Play can do here is unclear, and virtually every method looks to have some problems. But whatever the solution is, Google Play needs it, and as soon as possible, to help ensure that the current stock of users will stick around.




Edited by Blaise McNamee

