Why the Android Market is a worrisome place

Malware on Android Market
[Via Daring Fireball]

Aaron Gingrich, for Android Police:

Openness — the very characteristic of Android that makes us love it — is a double-edged sword. Redditor lompolo has stumbled upon a perfect example of that fact; he’s noticed that a publisher has taken “… 21 popular free apps from the market, injected root exploits into them and republished.” The really scary part? “50k-200k downloads combined in 4 days.”

Uh-oh:

There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

[More]

Those are 50,000-200,000 phones that can now do anything the malware producers want. Google can now remove the apps, but the damage is already done for those unfortunate users.

How is one to know whether the next app downloaded will not do the same thing? Vetting apps only after they have been published does not seem like the safest way to go.

Apple provides trust through its walled garden. When the world was a very dangerous place, walled cities provided safety. This seems similar.
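The quoted report's key detail is that the malicious copies carried "another APK hidden inside the code." That is one of the few things a pre-publication check can look for without running the app: an APK is a zip archive, so a nested package shows up as an entry that is itself a zip, whatever name it was given. The following script is an added illustration of that check, not code from the original post or from Android Police; the sample APK it scans is constructed in memory (placeholder bytes, not a real app), and the entry names and suffix list are my own assumptions.

```python
import io
import zipfile

# A nested APK/JAR/ZIP is itself a zip archive, so its content starts with
# the local-file-header magic regardless of the file name it was given.
ZIP_MAGIC = b"PK\x03\x04"
# Suffixes that are worth a second look even when the magic check fails
# (assumed list; extend for your own triage rules).
EMBEDDED_SUFFIXES = (".apk", ".jar", ".zip", ".dex")


def find_embedded_packages(apk_bytes):
    """Return the names of entries inside an APK that look like nested packages.

    Both the extension and the leading bytes are checked, so an embedded APK
    renamed to something innocuous such as assets/sqlite.db is still flagged.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # The top-level classes.dex is the app's own code and META-INF/
            # holds the signature; neither is a hidden payload.
            if name == "classes.dex" or name.startswith("META-INF/"):
                continue
            with apk.open(info) as entry:
                head = entry.read(4)
            if head == ZIP_MAGIC or name.lower().endswith(EMBEDDED_SUFFIXES):
                findings.append(name)
    return findings


def build_sample_apk(with_payload):
    """Construct a minimal stand-in APK in memory (constructed test data only)."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as inner:
        inner.writestr("classes.dex", b"dex\n035 (constructed placeholder)")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as outer:
        outer.writestr("AndroidManifest.xml", b"<constructed placeholder>")
        outer.writestr("classes.dex", b"dex\n035 (constructed placeholder)")
        outer.writestr("res/drawable/icon.png", b"\x89PNG (constructed placeholder)")
        if with_payload:
            # Second package hidden under a misleading name, as a repackaged
            # app might carry it.
            outer.writestr("assets/sqlite.db", payload.getvalue())
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample_apk(False)),
                          ("repackaged", build_sample_apk(True))):
        print(label, "->", find_embedded_packages(sample) or "no embedded packages")
```

This is a triage heuristic, not a verdict: legitimate apps do ship zip-packed resources in assets/, so a hit means "open this one and look at what the nested archive contains and what code loads it," not "reject." It also says nothing about the second behaviour the report describes, downloading further code after installation, which no static scan of the published package can rule out.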

But the strategy tax for Apple is easily changed


The Apple Strategy Tax
[Via Daring Fireball]

John Siracusa on Apple’s internal conflict between being a good platform host and promoting its own content services:

This tension between being a platform owner and also trying to build new businesses on that very same platform is another thing that Apple shares with Microsoft. But Microsoft is also a perfect example of how this strategy can seemingly succeed (Windows won the war for the desktop and Microsoft’s applications came to dominate the Windows platform) while blinding a company to the long-term failure scenario (a lack of competition allowed Microsoft’s products to stagnate, and the next round of innovations happened someplace other than the Windows platform).

Smart, subtle argument.

[More]

Perhaps Apple does have a strategy tax due to the inherent competition between its own software offerings and those of third-party developers. Perhaps Apple could succumb to the temptation of evicting competitors from the App Store.

The difference, though, between the internal strategy tax of Microsoft and this external one of Apple is huge, to my mind. For Microsoft to recognize the danger and change course, it had to fix two opposed factions within itself at the same time. Settling that battle is obviously not easy.

Fixing one part of itself potentially requires damaging another part. It is easier to just let both fester.

But Apple’s danger is between inside and outside competition. It can easily fix the problem by simply changing the rules. This is external to the company and does not require one part to damage another.

If the new subscription rules are harming Apple's other areas, or if big third-party developers leave, it can simply change the rules and the possible harm goes away. It has done this in the past when confronted with possible damage from App Store rules.

Poof. There goes the strategy tax. Microsoft cannot wave a similar wand.

Pissing off Anonymous is not a good thing to do if you are involved in possibly unethical, perhaps illegal, behavior

Dems push for Congressional investigation of HBGary Federal
[Via Ars Technica]

Embattled HBGary Federal CEO Aaron Barr quit his job yesterday as the prospect of a Congressional investigation loomed. A dozen Democrats in Congress asked various Republican committee chairs to launch probes of HBGary Federal’s idea for a “reconnaissance cell” targeting pro-union organizers.

HBGary Federal was hacked last month by Anonymous after Aaron Barr believed he had unmasked much of the group’s leadership—and Barr’s entire cache of corporate e-mails was made public. Those messages revealed that Barr had joined up with two other security firms, Palantir and Berico, to pitch the powerhouse DC law firm of Hunton & Williams on an idea to go after union-backed websites who opposed the US Chamber of Commerce. The scheme, if adopted, would have cost the Chamber up to $2 million a month.

[More]

The complaint says it best. The firm engaged “in domestic spying, fraud, forgery, extortion, cyber stalking, defamation, harassment, destruction of property, spear phishing, destruction of property, identity theft, computer scraping, cyber attacks, interference with business, civil rights violations, harassment, and theft.”

It says something that the content of the emails is now more important than the illegal acts Anonymous performed to get them. Of course, the ease with which this ‘security’ company’s systems were compromised belies its actual expertise at security.

I would love to hear more about the US Chamber of Commerce and its response to this scheme, or about other schemes in which technology developed for military use is turned against American citizens for corporate gain.
