What could be simpler than that. Both Google’s Play Store and Apple’s iOS and macOS App Stores are curated but one seems to suffer fools more than the other. Google is in the business of tracking its users, so remember this– to Google you’re part of the product; you’re not a customer, instead, you’re a user so the incentive to maintain privacy and security is different than Apple.
That may not be why Google Play Store is so porous and has so much malware, but maybe the search engine giant and online stalker can’t tell the difference. This weekend I read a Yale University study which says three of every four apps on Google’s Play Store have tracking plugins. If you don’t want to be tracked, that is tantamount to malware.
Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is defined by its malicious intent, acting against the requirements of the computer user — and so does not include software that causes unintentional harm due to some deficiency.
The key in that definition is “acting against the requirements of the computer user.” If you don’t want to be tracked but apps do so anyway, then that’s part of the definition for malware. Some research says that about 98-percent of all malware known to mobile devices– smartphones and tablets– take up residence on Google’s Android OS, and many of those originate on the Play Store.
What about Apple’s iOS and Mac App Stores? Not so much. In fact, it’s not so much as to be difficult to find, let alone count.
Who does all that background tracking on apps? Tom McKay explains some of the Yale results:
The trackers involved allowed the apps to identify users based on third-party data, track movements, map interpersonal relationships among users, and track both offline movement and shopping habits. One named Fidzup is powerful enough to track users’ movements in retail stores using sonic emitters or wi-fi signals and serve them ads based on where they may be roaming within the store. Even apps for seemingly innocuous purposes, like the AccuWeather and the Weather Channel apps, included trackers monitoring “web browsing and app usage behavior over time and across digital properties”
Wait. There’s more!
Dozens of popular applications which pose as security apps for Android devices in the Google Play Store were found to be distributing malware. Danny Palmer explains:
Smartphone users download security applications to help protect their device and data from cyber attacks and hackers. But attackers can also exploit for their own ends, as demonstrated by a total of 36 phoney security tools discovered in the Google Play store for Android which instead of protecting the user, served up malware, adware and even tracked the location of the device.
Whatever techniques Google employs to curate applications on the Play Store don’t seem to be as effective as whatever Apple does on the App Store. Here’s just one example that has infected up to 7.5-million Android devices from applications downloaded from Google Play Store which is supposed to be monitored and curated by Google’s staff:
Up to 7.5 million Android users could have fallen victim to malware posing as a series of flashlight and other utility apps downloaded from the official Google Play Store. Dubbed LightsOut by the researchers at Check Point who discovered the malicious apps, the adware was hidden in 22 apps in the Play Store, which in total have been downloaded somewhere between 1.5 million and 7.5 million times.
When was the last time you read about such trashy apps on iPhone or iPad?
In this case, Google might be your friend. Search for “android malware” in Google and you’ll be treated to a long and growing list of malware on Android and the Play Store.
Here’s another: Sumit Chakraborty:
Similar to other banking malware, this one also sneaks into login data, SMS, contact lists and uploads them to a malicious server. Additionally, apart from the banking apps, this Trojan also targets cryptocurrency apps present on a user’s phone.
At last count it was up to 232 banking applications. Apple Pay is starting to look pretty good, huh?
Now, do the same search on Google but adjust it to “iphone malware.” Instead of a list of malware events, you’ll get some news regarding the latest Intel, ARM, and other CPU vulnerabilities announced last week. Simply put, there just isn’t much malware to worry about, which makes it easier to say Google has malware and Apple does not.