Several months ago, Google began using a more human-based process for reviewing apps submitted to be published on the Google Play store, the company announced on Tuesday.
Eunice Kim, product manager for Google Play, wrote in a post that the new process involves a “team of experts” tasked with identifying violations to Google's developer policies, and will ultimately better protect users. The post also includes details on the introduction of a global content rating system for apps and games.
Domingo Guerra, president and founder of Appthority, told SCMagazine.com in a Wednesday email correspondence that he thinks the new process is great for Google Play, as well as for consumers and enterprises.
“The move to augment Google's traditional automated analysis with manual analysis might further improve app security (presumably, even more malware will be identified before it reaches the store), but the manual analysis will definitely improve the compliance to Google Play developer policies on the apps admitted and offered in the store,” Guerra said.
Since early 2012, Google has leveraged automation – using tools such as Bouncer – in order to speed up the approval and rejection cycles for apps submitted to the Google Play store, Guerra said. In the post, Kim explained that there has been no noticeable change in the time it now takes for apps to hit the market.
Although steps are being taken to tighten up the security of the Google Play store, Guerra said that no system is impenetrable – on Wednesday, mobile security company Lookout posted about 13 apps with adware that made it into the Google Play store.
Lookout identified one instance of "HideIcon" adware and 12 instances of "NotFunny" adware, both of which were described as pushing aggressive advertisements and ultimately disrupting the user experience, according to the post.
Jeremy Linden, senior security product manager with Lookout, told SCMagazine.com in a Wednesday email correspondence that Google has removed all 13 apps, which include a Christmas ringtone app, widgets that change the battery icon, voice changer apps, and more.
“Because some of the developers re-uploaded their applications to Google Play without the adware component, we are not naming any of the applications,” Linden said. “We want to make sure that if a developer wants to clean up their act they have the opportunity.”
Linden said that Google's new process for reviewing apps is a great idea, but he explained that enterprises and consumers should be relying on layers of defense, including a security app, to protect devices just in case a malicious app does make it into the Google Play store. He added that industry collaboration will help with identifying and removing threats.
Guerra agreed. “To make the store even more secure, Google could collaborate with other app security leaders in the space, to work together at detecting and decreasing app threats in the Google Play store,” he said.