Category Archives: Security

Google’s mismanagement of the Android Market

Earlier this week, CNET ran an article critical of the permission model of the Android Market. Google’s response to the criticism was that “each Android app must get users’ permission to access sensitive information”. While this is technically true, one should not need a PhD in Computer Science to use a smartphone. How is a consumer supposed to know exactly what the permission “act as an account authenticator” means? The CNET opinion piece “Is Google far too much in love with engineering?” is quite relevant here.

Google does far too little curation of the Android Market, and it shows. Unlike Apple’s App Store, the Android Market has few high quality apps. A study by Larva Labs (the developers of the excellent Slidescreen app) estimates that Apple has paid out 50 times more money to developers than Google has. While the Android Market is available in 46 countries, developers can only offer paid apps in 13 countries (for instance, Canada has only had access to paid apps since March 2010). In addition, the price for foreign apps is not displayed in the user’s local currency and developers do not have the option of customizing pricing by country. To make matters worse, you can’t pay for foreign apps using your Amex card or carrier billing. There’s also no support for in-app payments and changelogs (to communicate app changes).

Below are just a few examples of what’s wrong with the Android Market. Those 144 spam ringtone apps (which are clearly infringing copyright) are currently cluttering the top ranks of the Multimedia category. I was not surprised to find that they were being monetized through Google Ads.

Trademark and copyright infringement is widespread in the Android Market:

The music downloading app “Tunee” (one of many such apps) is one of the Top Free apps in the Multimedia category with more than 250k downloads. While some would dishonestly try to pretend that such apps are meant for downloading public domain classical music, the developers of Tunee are very clear about their intent. Their screenshot shows copyrighted music by the band Muse (Warner Music Group) being illegally downloaded.

These apps are damaging to companies that are building legitimate Android music apps (e.g. Rdio, Spotify and MOG), not to mention Amazon whose MP3 store comes bundled with most Android phones in the U.S. Is Google’s strategy to turn a blind eye to illegal music downloading until they launch their own music store?

Developers and users are getting fed up and it’s time for Google to clean up the house.


Monkeys needed at DoubleTwist

Photo by Tetsuro Matsuzawa

If breaking down proprietary barriers and empowering consumers sounds like your cup of tea, send us your résumé. If you know of someone who might be interested, please forward this to them.

Opening: Reverse Engineering Monkey
We’re looking for a code monkey to work on our DRM interoperability technology. Must possess strong skills in the areas of cryptography, reverse engineering, AJAX, code disassembly, code protection/obfuscation and software optimization. Experience domesticating penguins and eating apples is a plus.

Required skills include C, C++, x86 ASM, DRM and Windows APIs. Strong mathematical knowledge of algorithm analysis and implementation is desired. Minimum of 3 years of directly related experience.

Your favorite number is 0x90.

Location: Antarctica or your home country.

Opening: Senior Software Monkey
We’re looking for a senior code monkey to work on our audio/video products. Must have strong experience designing, implementing, debugging and optimizing userland applications. Multi-platform experience is desired.

Required skills include C, C++, C# and Windows APIs. Requirements include strong experience with current digital audio/video technology (MPEG4, H264 and AAC). Minimum of 5 years of directly related experience.

Location: San Francisco or Norway.

Skype security FUD

There’s an article in Swedish newspaper Aftonbladet titled “Your boss can spy on your Skype session”.

From the article:

Andy Swärd discovered the security hole by accident. He was logged into the same Skype account on two computers and noticed that his chat messages showed up on both computers.

– Today it’s usual for companies to assign their employees Skype accounts. This means that your boss and your colleagues can monitor what you’re doing at work, he says.

IT and security “expert” Joakim von Braun is quoted in the article as saying: “Skype really should have better security for chats”.

This is an amazing discovery! I’ve been using this Skype feature for quite some time and never realized it’s actually a security hole… but then again, I’m not a security “expert”.

PS: Did you know that if someone has your email password, they can read your email?