Store benefits
Wasn’t one of the supposed benefits of these vendor provided stores that they only contained legitimate apps ?
A security researcher has claimed that a cumulative half a million Chrome users have been hit by four malicious browser extensions pushing click and SEO fraud. Icebrg's Justin Warner and Mario De Tore spotted the extensions while investigating a spike in outbound traffic from a workstation in a customer's network. The company …
Well to be fair, other vendor's stores seem to be relatively safe. It's Google's that keeps coming up repeatedly, and Google that do the least checking of what they allow in.
So while the idea of a vendor store isn't perfect - I'm not sure if the problem isn't actually Google.
"It's Google's that keeps coming up repeatedly"
They're also a victim of their own success - regardless of how they managed it, Chrome is currently the most popular browser, and thus the biggest target. The same for Android on mobile, and Windows on desktop - if Google manage to raise Chrome OS's market share above a rounding error to something with a bit more presence, I'd wager that will be targeted too.
But right now, the spotlight is very much on Google as more and more people are starting to realise just how far they have descended from their "Don't be evil" ivory tower into the pit of money-grubbing corporate greed, and just how much control they potentially have over the information we can access.
To be fair to Google I think they have a problem with corporate culture, rather than that they're just evil and greedy.
Although I also think they're greedy. Oh and arrogant.
I wouldn't use the word evil though. They brought that on themselves by saying don't be evil - but I'd use another of their quotes, "we want to go up close to the creepy line but not cross it." So creepy and greedy seem fine. And smug. Did I mention arrogant?
But I think that Google genuinely buy some of their own bullshit about how you can solve all problems with computers and completely free information. They also use it as an excuse to steal peoples' personal data or abuse peoples' copyright on Youtube for gain. So like most of us a mix of some clever long-term planning, some idealism, some greed and a large dollop of self-justification.
That culture causes some of these mis-steps (like trying to do all the app store testing automatically and not with humans). I'm sure the greed bit applies here a bit too. But then the huge dose of arrogance kicks in, in not fixing the problem when it should be obvious that you can't just solve these problems by chucking more processors at them.
It's why I think Google will generally fail in the consumer electronics market. They don't do messy stuff like customer services or admitting that could possibly have got anything wrong. And they assume that everyone lives in a world of having data connection (and infinite allowance) whereever they go. And they just seem to prefer computers to people. As I said creepy. And arrogant.
A bit of both, probably. Over time, the extra traffic generated by the clicks will add up for the end-user. If you're on a spectacularly miserly metered tariff, you could end up with your Internet access severely throttled and/or charging you money for overages. (Especially if you're handwaving tethered access over mobile, for example, where limits tend to be much lower.)
Depends on how enthusiastic the click-fraud thing is, I guess.
Because it has some kind of delay, so it waits a month. Or it waits until 10MB of data has been downloaded. Or it downloads non-malicious updates first. Or it's looking for Google monitoring software. Or... you get the picture...
So are Google going to offer Justin Warner and Mario De Tore a reward for their efforts?
Whilst Google doesn't develop the app's in the store, they do make claims about the store and the quality of app's it makes available. Thus any app that is up to no good has the potential to knock Google's reputation. So it is in Google's interest to offer rewards and bounty's to researchers who uncover malicious apps that have sneaked under Google's radar.