14 DAY TRIAL // In stark contrast with the previous examination process of apps published in Android’s official marketplace, which relied on an automated verification routine, Google disclosed recently that entries in Play Store are now reviewed by a team of experts before becoming available in the repository.
The experts are in charge with verifying if the Google-defined policies for app developers are respected when the product is submitted for publishing.
Different security policies are checked
Among the aspects checked is impersonation, which comprises anything from the developer pretending to be someone else to the app claiming to be authorized or created by different entity that would lead to gaining the trust of users. Basically, discovering that an app or its developer misleads the user in any way puts a stop to the publishing procedure.
Another security-related policy is integration of dangerous code into the product; this could be anything from malware to functions that collect user information without their knowledge, or run update routines via other methods than Google Play’s update mechanism.
All this and more has been subject to verification from Google employees for several months, as Google Play product manager Eunice Kim said in a blog post this week.
It appears that, despite relying on human intervention, the app publishing process has not been impacted significantly and the products become available to the wider audience in a matter of hours.
This is possible because the human factor is aided by automated systems that run a preliminary scan and detect obvious infringements of Google's policies.
More clear results are still to emerge
This approach, which Apple has been relying on for a long time for policing content in its official repository for iOS content, is aimed at better protecting Android clients against all sort of malicious activities.
It is unclear if the method has proved to be a successful one in the case of Google and more evident results should become available as time passes.
In the meantime, security researchers stumbled towards the end of February upon some apps in the Play store that displayed advertisements in a very aggressive manner; these have since been removed.
Furthermore, it was discovered that crooks also rely on the books section in the official Android repository to spread malicious apps hosted on third-party marketplaces.