Naked Security

Google plays Whack-A-Mole with naughty Android developers

Android developers without a track record are going to be subjected to more checks in order to stamp out those of “bad faith.”

Following updates to Android application programming interfaces (APIs) and Google Play policies, some developers have been surprised to find they’ve been blocked from distributing apps through Google Play.

Sorry, Google said on Monday: we’re playing Whack-A-Mole with “bad-faith” developers.

Google said that the “vast majority” of Android developers are good at heart, but some accounts are rotten to the core.

At least, some accounts are suspended after “serious, repeated” violations of policies meant to protect Android users, according to Sameer Samat, VP of Product Management, Android & Google Play.

Samat said that such developers often try to slip past Google’s checks by opening up new accounts or hijacking other developers’ accounts in order to publish their unsafe apps.

In order to fend off those repeat offenders, developers without an established track record can henceforth expect to be put through a more thorough vetting process, Samat said.

Sorry for the 1% of blunders

As with any move made to boost Android security, this one’s bound to misfire, he said – although he claimed that 99% of Google’s suspension decisions are correct.

The company isn’t always able to share the reasoning behind deducing that a given account is related to another, he said, but developers can immediately appeal any enforcement.

Appeals are reviewed by humans, he noted, in spite of what may feel like responses coming from automated reject-o-bots.

If a human on the team finds that an account was mistakenly suspended, Google will reinstate the account.

Taking more time to review apps that come from developers without track records should help Google make fewer mistaken decisions on developer accounts, he said, though Samat didn’t give details about the additional checks.

Samat said that the reason for the change is that people want their data protected when apps get control of it, and they expect that Android should be calling the shots to make sure it is:

Users want more control and transparency over how their personal information is being used by applications, and expect Android, as the platform, to do more to provide that control and transparency.

Enforcing the wall around the app garden

Putting new developers through a tighter wringer follows other recent policy changes, including taking a closer look at app permissions by requiring app makers to disclose what data they intend to collect and restricting access to some features on phones.

Late last year, Google started by changing SMS and Call Log permissions to protect sensitive user data better.

For example, SMS permissions are now restricted to specific uses, such as when you choose an app to be your default text message handler.

As a result of that change, Google said that the number of apps with access to this sensitive information has decreased by more than 98%.

But it sounds like that reduction came with some developer pain, given the not-so-rosy feedback.

Google got complaints about unclear documentation; slow answers to questions on policy requirements; a cumbersome appeals process; and difficulty getting to speak to an actual person.

Google’s response: we’re going to use clearer language in emails about policy rejections and appeals, and we’re going to use more humans to speed up appeals responses and make them more personalized.

Starting in August, Google’s also going to require apps to work with the latest, most secure versions of Android APIs.
