Ask HN: Do Smartphone Apps get audited?
12 points by hosa on June 30, 2021 | 4 comments
I remember I read that article in the past about the guy who reverse engineered TikTok, and that's how we found out it was collecting too much information about you. Another article about some apps that monitor the clipboard, which would allow your passwords to be revealed. I believe not just for security reasons, but for efficiency reasons as well, I have used several apps that for some reason consume too much power (CPU) or memory. So my question is, what does Google and Apple do to protect its users? I would imagine an honest organization should exist whose mission is to take the source code from every proprietary app developer, analyze and audit it, and publish its findings.



Apple can be quite strict. We had a contact tracking feature in our app early during the pandemic, before the gov implemented an official one. Apple was not happy with this and asked us to show some backing that it's officially supported by the government. From my dealings with Apple, they have always been very bullshit-proof, where even a Fortune 500 company can't coax them into loosening their policy.

Google have greatly ramped up their efforts. It used to be that they audited apps to make sure the in-app purchases were going through them, but now they've updated Android policies a lot to cater for security violations. File access has been limited, similar to iOS. You now need permission to access things like locations from maps. Camera, mic, everything that shady companies like FB did in the background is now much more highly restricted.

I don't think you can really audit code. It would be a complete pain to audit something built in Cordova; even a Hello World hybrid app is a nightmare. They have some nifty performance tracking, though.

Let me paste a few that they track: Excessive wake-ups, Stuck partial wake locks, Excessive background Wi-Fi scans, Excessive background network usage, ANR/Crash rate, Excessive slow/frozen frames, Permission denials.

They also give notifications on what can be done to improve both security and performance. They notify things that increase or decrease ratings - majorly punishments to rating for things like overheating or privacy concerns, but minor bonuses for people who say things like "nice update".

Also there were rumors that apps that didn't meet these guidelines would have their ratings punished. I noticed a sharp drop in search rank once when I had a viral spike in uploads, likely because the ASO algorithm watched it as buying downloads/reviews, but it recovered the position after a few weeks.


> So my question is, what does Google and Apple do to protect its users?

They enforce a rigorous review process of all app builds, of course. (it's hard to say this with a straight face)


Thank you for your answer. I don't think there is enough transparency regarding this issue.


They don't do anything really, besides ensuring they get their cut and cover their ass.



