Verify Apps is Necessary and Great

There are innumerable security risks that come with downloading software.  The risks aren’t all apps designed to steal your bank account info, or brick your device, or spam your friends.  They aren’t even necessarily going to negatively impact you directly.  In fact many are so subtle that you may never notice them at all.  Of course you want to avoid apps that will hurt your device or steal your information, but you also want to avoid apps that violate your boundaries as well.

Consider the apps “Songs” and “Prized.”  These apps were used to mine cryptocurrencies without user knowledge or consent.  It ate up the bandwidth of users.  It also ate up the energy supply, but it was designed to be unnoticeable because it only mined the cryptocurrencies while the device was charging.  The negative nature of these apps was discovered by Tend Micro.  But the market is so large that by the time this was discovered the apps had already been downloaded over one million times each.  While a typical user could track such malicious uses of his device if he is paying attention by seeing that the device took longer to charge than usual and would run a bit hotter than normal (although anyone with a case may not be able to feel the heat), most threats aren’t immediate.  Consider such attacks that aren’t necessarily even designed by the app designer.  If an app designer includes adds as a form of monetization and also requires permissions such as access to the phones contacts then the adds that they are providing may be able to gain access to the user’s contacts as well.

To deal with this minefield google has pushed out an upgrade to “Verify Apps” which will monitor apps and ensure that they are behaving normally not just when initially installed but also long after they’ve been installed.


Songs and Prize Source: http://arstechnica.com/security/2014/03/apps-with-millions-of-google-play-downloads-covertly-mine-cryptocurrency/
Verify Apps Source: http://officialandroid.blogspot.co.uk/2014/04/expanding-googles-security-services-for.html