Beware When Temptation Meets Opportunity in the Mobile World
By Brian Boston
Playwright George Bernard Shaw once wrote, “Marriage is popular because it combines the maximum of temptation with the maximum of opportunity.”
Shaw didn’t have the experience of seeing “Flappy Bird.”
Flappy Bird?
If you aren’t familiar with this game, designed for mobile devices, let me get you up to speed.
The goal and design of Flappy Bird are very simple: guide a cartoon bird through breaks in columns of green pipes without touching them. You tap your device to keep his wings flapping enough to navigate through the breaks. Of course, that is a fiendishly hard task … and, as it appears, highly addictive.
If you’d like an idea of the game, here’s a YouTube video of the game played by a veteran. He made 90 points look easy on this try. Most people manage fewer than 5 points.
Released last year for iOS and Android devices, the game became the number one free game in Apple’s US App store and developed quite a following. Then, in what Vietnamese creator Dong Nguyen later described as a fit of conscience around the game’s addictive nature, he removed it from both the App Store and Google’s Play store in February.
That Is When Things Went Crazy…
Nguyen received death threats. The prices of phones with the game pre-installed went through the roof on eBay. Instead of dissipating as Nguyen hoped, the frenzy around the game increased.
This is where maximum temptation mixed with maximum opportunity. Flappy Bird clones started appearing.
Over the next month, Pocket Gamer estimated that 60 clones were appearing each day in the Apple App Store. Apple and Google started rejecting apps that resembled the original game.
More Game Than You Expected
SophosLabs reported in detail on one fake, infected copy of Flappy Bird that they found in alternative Android markets within days of Flappy Bird’s removal from Google’s Play Store.
“…if we dig into the permissions of the original app, and compare them to the impostor, you'll quickly see what's changed. The genuine application asks for network access (it serves ads), but not much more: But the impostor wants as much as it can get, notably including the right to send SMSes for you.”
The latest news on this front is what McAfee Labs released in their June Report. They tested 300 of the available Flappy Bird clones and found that 80% of the apps contained malware:
“Some of the behavior we found includes making calls without the user’s permission; sending, recording, and receiving SMS messages; extracting contact data; and tracking geolocation. In the worst cases, the malware gained root access, which allows uninhibited control of anything on the mobile device including confidential business information.”
Step Back From the Clones
Clone apps, or apps that claim to offer the same features and functionality, are an ongoing problem for most mobile app stores. If a newly popular app shows up in one major mobile store, you can count on clones showing up almost immediately in the other stores or even in the same store, like another popular game called “2048.”
While not all clones are malicious, they are rarely as good as the original. Ars Technica reported on an uncannily duplicated clone of 1Password, a well-regarded password database. The clone, now removed from the App Store, retailed for $1.99, $16 less than the price of 1Password developer AgileBits’ original login-storing app, and provided less protection.
How Do I Avoid Cloned and Possibly Malicious Apps?
Make sure that you get the app you are searching for. Often the best place to start is not actually in the mobile store itself. With millions of apps overall and dozens of similar apps, the chance of getting the wrong app is high if you try just searching the store.
Start with a general web search for your desired app. Often popular, legitimate apps will have a separate web site or you will find a review site with the app’s information. Either they will have a direct link into the store, or, armed with the app author’s name or company, you will be able to discriminate between the app you want and similarly-named clones.
Look carefully at app permissions. This is a screen we usually blow by when getting an app from a mobile store. A free app may need network access to update in-app advertising, but it usually doesn’t need to send or review text/SMS messages or access your contact information.
Look at the app’s permissions in the store before installing it. Do they make sense, especially when you look at similar apps?
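The permission comparison described above can also be scripted. The following Python sketch is an added example, not code from SophosLabs, McAfee Labs or the original article; the two manifests and the package names are constructed samples, and it assumes each app's AndroidManifest.xml has already been decoded to plain XML text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that correspond to the behaviours quoted in the article
# (calls, SMS, contacts, geolocation). A reviewer can extend this map.
SENSITIVE = {
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECEIVE_SMS": "receive SMS",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.CALL_PHONE": "place calls",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
}

def permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def compare(reference_xml, candidate_xml):
    """List what the candidate requests beyond the reference app."""
    extra = sorted(permissions(candidate_xml) - permissions(reference_xml))
    flagged = {p: SENSITIVE[p] for p in extra if p in SENSITIVE}
    return {"extra": extra, "flagged": flagged, "suspicious": bool(flagged)}

# Constructed sample manifests (hypothetical package names).
GENUINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
IMPOSTOR = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game.clone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    report = compare(GENUINE, IMPOSTOR)
    for perm, why in report["flagged"].items():
        print(f"clone additionally requests {perm} ({why})")
```

An extra permission is not proof of malware on its own; the flagged list is what to question before installing.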
Android users should avoid downloading from third-party stores. While iOS devices must use Apple’s App Store, Android lets you “sideload” apps from other stores.
This is important since Amazon, Samsung, and many other smartphone and tablet makers have their own stores in addition to Google’s Play Store … and there are non-affiliated stores I would not use unless you were confident of their app submission policies.
I’m Baack…in August
I wonder what George Bernard Shaw would have thought of that.
Space Wars: The Wrath of OneDrive?
Amazon’s launch of its Fire Phone two weeks ago, with its cloud storage options, fired a new salvo, followed by a major upgrade by Microsoft of its storage options this past week.
The Fire Phone allows you unlimited cloud storage for your entire collection of Amazon-purchased books, video, and music, and for photos you have taken on your phone. In addition, you get 5 gigabytes (GB) of “personal storage” and free backup of your phone settings.
After my previous exploration of Space Wars, Microsoft returned fire on Monday on the OneDrive Blog by announcing that the 7 GB free that most people had is moving up to 15 GB. In addition, the home version of Office 365, which previously supported 5 people with 20 GB per person of storage, is now up to 1 terabyte (TB) per person. This matches a similar upgrade in Office 365 for Business a few weeks ago.
In addition, prices for additional storage dropped 70%.
Who’s next in the Space Wars Saga? It’s anybody’s guess.
Do you have a follow-up on this topic or a technical question that needs to be answered or explored? Please share it with me at brian@bostonlegacyworks.com. Your question may show up here on Tech Talk.