
Tales from the spam filter of an Android app developer - bluegopher
http://raccoon.onyxbits.de/blog/android-app-developer-spam-filter/
======
nneonneo
Site's being hugged to death, archive here:
[http://archive.is/tx2oF](http://archive.is/tx2oF)

The gist is that spammers message the publishers of Play apps looking for
willing developers to (a) integrate random tracking/advertising/analytics
"SDKs", (b) integrate dubious/malicious software like cryptocurrency miners,
P2P relays, or (c) sell their app outright.

The idea is that, at any given time, you don't know whether an app you've
downloaded from the Play store has done any of these things, and the spammers
probably know they can keep such "infected" apps on the Play store for long
enough to turn a profit.

~~~
Causality1
Too many good apps fall victim to the temptation. For example, ES File
Explorer. It went from a great app to one with too many ads to outright
malicious and now the developer is banned from the app store entirely. I still
haven't found a file manager that lets you manage multiple tabs of file folders
with Windows shared folders with the same level of elegance.

~~~
ikeboy
Wow, I was not aware of that. Should I delete the version I'm using?

~~~
baxtr
I learnt a nice way to answer these kinds of questions for myself lately. Ask
yourself the following question: _On which side do you want to fail?_ (or on
which side do you want to err?)

Do you rather have an app on your phone with access to your files that most
probably runs dubious software alongside? Or, do you rather not miss out on
the elegance and convenience it provides? I guess the answer depends largely
on the content of your files and your personal preferences.

~~~
nneonneo
Interesting thought - a spammer can use the Play Store’s visible metadata on
an app to decide which ones to prioritize. For example, one criterion might be,
apps with lots of interesting permissions, decent number of users, but no
recent updates. For such an app a spammer could increase their incentives or
try more hard-sell tactics.

~~~
bluegopher
Not really that far-fetched. It's the Raccoon blog. Raccoon, being an open
source APK downloader, partially reimplements the play store app and app
discovery is what that app is all about.

------
HillaryBriss
it comes down to a criticism of:

1. Google Play Store's requirement that app devs publicly post a contact
email address

2. Google's failure to invest more into eliminating bad apps from the App
Store (somehow)

3. Google's scorched earth policy with regards to sucking all of the money
out of the ecosystem for itself and a very small number of app dev winners --
leaving most of the app devs in the poverty zone

Google could partially address #1 by creating a mail relay which filters out
the bad library actors. App devs could use an address into the relay instead
of publicly posting their own address and being left to fend for themselves.
Of course, that would mean _even more of a developer's customer communication
would be routed through Google_. So that's not exactly optimal either.

------
saagarjha
I don’t see why this is specific to the Play Store? Surely the App Store has
the same issues (point of contact, “free with ads” model, tracking SDKs)?

~~~
mirimir
Does the App Store do a better job of policing truly malicious malware?

~~~
saagarjha
App Store apps in general have significantly fewer ways to be “truly
malicious”, and App Store review is somewhat more stringent than Google’s
process from what I’ve heard. However, run-of-the-mill tracking SDKs are
commonplace on both stores.

------
iamnotacrook
The argument is the Play Store is unsafe/untrustworthy because developers get
spam emails. Is that it? Is there anything to discuss here?

------
mfatica
Why does it need to be?

~~~
saagarjha
They’re built on a model of providing curated, safe content, as opposed to the
“wild west” of installing random software from the internet?

~~~
mfatica
Are they though? Last I checked that describes Apple's App store not Android

~~~
FussyZeus
You're not wrong, but it's one of the many reasons that the Play store has
become a complete sewer in terms of quality, safety, and legality of the
products offered.

Like Facebook, Twitter, etc., Google built the Play store (and Android at
large, really) as a barn with all the doors open, and have been slowly closing
them when users get too angry about a given (ridiculous for a multi-billion
dollar corporation) problem.

Apple, on the other hand, built a walled garden and added doors to it as
needed, and occasionally has taken some away too. You can use the cynical read
and say this is to further their position in the market as the "pro privacy"
alternative to Google, or you can say it's part of their core company ethos,
but the result is the same either way: buying an app off the App Store carries
little/no risk, and Apple strongly favors users during any issues that may
arise. Play store on the other hand can be 100% safe or extremely risky, with
little/no way to tell beforehand, and Google's end user support is notoriously
terrible.

