Hidden in the debacle that was BlackBerry’s first-round aborted attempt at launching its BlackBerry Messenger (BBM) chat service onto Android and Apple phones, is a lesson that shows how Android is ultimately doomed unless Google takes drastic action.
The highly publicised “porting” last month of BBM to Android and to Apple’s iOS was halted after a series of problems. The key moment was on Android. Like any other curious geek, I installed what appeared to be the BBM app. But it wasn’t. It was something that called itself “Minecraft LiteTM” and was almost certainly malicious software (malware) of some kind. I deleted it immediately.
This isn’t the first time Android’s lack of control of what appears in its app store, called Play, has been exposed. According to security firm Trend Micro, “the number of malicious and high-risk Android apps hit 718 000 in the second quarter from 509 000 in the first quarter of this year. The majority of these were still packaged as spoofed or Trojanised versions of popular apps. Almost half of the mobile malware uncovered this quarter was designed to subscribe unwitting users to costly services.”
Google may be fanatical about security when it comes to Gmail logins and two-factor authentication (if you don’t use it, start as soon as you’ve Googled to see what it means), but the company is effectively letting software that could possibly compromise your smartphone in through the back door. Because it’s in its app store, a user should be able to assume it’s trustworthy. Not so.
Google is in the volume business. Apple is in the premium business. That’s the key difference. Google needs quantity; Apple sells quality. Google’s approach to apps is predicated on its business model of showing as much advertising to as many people as it can. But Google doesn’t seem to care about its Android users’ safety. Letting those fake BBM apps through is a disaster. They should have been better protected.
I don’t want to trust my private and business communications to a company that isn’t as pathological about safety as I am, especially seeing as I have discovered Google is letting another government read my e-mail without asking my permission or informing me. (I really have nothing to hide from the National Security Agency and, if they are reading my e-mail, I’d like to ask that they return the favour by replying to them. It’s the least they could do.)
What Google needs to do, well, is an Apple. The app gods in Cupertino stringently block — er, sorry, quality test — apps so that only approved ones get onto Apple’s App Store. It may be slow, arbitrary in its rejections, and generally opaque in its policies, but Apple makes sure the apps it allows on its devices won’t rip its customers off — least of all Apple itself, which is deeply dictatorial in what can or can’t be allowed in terms of registration and payments via an app. Remember, Apple takes 30% of any transaction through its store.
Despite Android’s market share being more than double Apple’s, developers still prefer to release their app on iOS first because iPhone users tend to spend more readily. The loosely formulated rule of thumb in app development circles is that iPhone users are willing to pay for an app (which mostly cost just US$0,99, or R10), while Android phone users like to get free apps.
Free apps tend to display advertising to make money. A hit app like Angry Birds was making a fortune every month in advertising alone on Android, but it has an enormous installed base. But, as the BBM debacle shows, Android isn’t secure. And that’s a bad omen for Google.
- Toby Shapshak is publishing editor of Stuff magazine. Follow him on Twitter
- This column was first published in the Financial Mail