
DressCode Malware Hits 400 Apps in Google Play - sarah_adames
https://www.beencrypted.com/dresscode-potential-impact-businesses/
======
pawadu
This is annoying as hell!!

First of all, this could also happen to Apple Store (remember the xcode
backdoor that infected 500M ios downloads?) but Google is doing this just too
easy for maleware creators. There are a number of issues that googles need to
address to improve their store security:

1\. a developer rank system. How do I know if Joe Developer is a trusted guy?
Do Google honestly wants grandpa to keep track of who has and who hasn't a
good track record?

2\. make it harder to game the search system. Kinda related to #1, since this
is how the bad devs make money

3\. better trademark protection. If I search for "Facebook" I want to see the
Facebook app. Possibly in a section below it I should see "Apps made to work
with facebook" and "Third party facebook clients" in a separate section.

4\. better use of permissions. As today, I can easily write a flash light app
that requires (and uses) SMS permissions and then manipulate the system to
make it the top search. And people will actually download use the damn thing.

Now a lot of this can be automated and require zero additional cost to Google.
In fact, #3 can easily be enforced with minimal changes to the play console.

