Those were the words that Galen Gruman, the executive editor of Infoworld, typed as the headline in a blog post yesterday. The IT expert was ranting about the lack of security in Android Market, the recent discovery of almost a dozen malware-addled apps and the general apathy he perceives among users who "happily give malware apps the permission the Android OS makes them seek to access information stored on the device as well as access to other apps on the device."
Old news, right? But by leveling charges at individual users, not just Google, Gruman constructs a fairly innovative argument. It's not Google that's the problem, says Gruman, but the users who, when confronted with access requests, click through message after message from the app's manufacturer, giving permission for the app to access text messages, and even local data like bank info and photos.
Gruman highlights a company called BullGuard that's working on a green / yellow / alert authentication system within Android Market to alert users to developers BullGuard finds suspect. The notification system would look much like "how modern browsers color-code sites' URLs."
But ultimately Gruman finds users at fault, and he pontificates a number of punishments for users who download phishy apps, such as disabling smartphone access or even cutting bonuses.
Certainly, users need to be held responsible for OK buttons they click. And it is often clear, just from reading reviews, that a certain app is phishing around for user data or sending spammy text messages. But Google is part of the problem, too -- as much as this fact distracts from crafting a polemic blog post. And Google, for one, could start taking a harder look at their apps. Not by screening them beforehand, as perhaps that is too difficult since malware evolves so quickly. But the company should at least start taking a look at the reviews of apps and noticing trojan trends.
It's one thing for a phishy app to remain in the Market for a day or so. But for months? That is unacceptable