Linked by Thom Holwerda on Tue 12th Jan 2010 23:38 UTC
Google Ah, and there we have it: another chapter in the discussion between open and closed when it comes to application stores. A phishing application, masquerading as a banking application from First Tech Credit Union, made its way onto the Android Market. It was removed quickly, but the damage is done.
Thread beginning with comment 403865
To view parent comment, click here.
To read all comments associated with this story, please click here.
Laurence
Member since:
2007-03-26

Interesting argument. It would also mean that Linux application hives or what a hell you call them these days are also faulty, since in essence they are app stores or rather app warehouses.


I don't think it's a big a problem on Linux since the apps on are open source (ie the package maintainers can go in and remove offending code should there be any).

But obviously, even open source is no guarantee as it's impossible to check all of the source all of the time and furthermore Linux's repository model wouldn't work for the iPhone/Android et al as there's a whole business around the sale of closed binaries on those platforms.

Reply Parent Score: 2

strcpy Member since:
2009-05-20


I don't think it's a big a problem on Linux since the apps on are open source (ie the package maintainers can go in and remove offending code should there be any).


How does this relate to open source exactly? Like Apple couldn't go in and remove offending code should there be any. And like Apple, open source "vendors" are not liable, nor claiming to be, to possible "bad software" (malware, software with critical security vulnerabilities, etc.) possibly distributed via their channels.

It is about centralized control, which in my opinion is a good thing. And when you remove the jargon and look this from more theoretical point, open source "repositories" and commercial "app stores" are pretty much the same thing.

Reply Parent Score: 2

Laurence Member since:
2007-03-26

How does this relate to open source exactly? Like Apple couldn't go in and remove offending code should there be any. And like Apple, open source "vendors" are not liable, nor claiming to be, to possible "bad software" (malware, software with critical security vulnerabilities, etc.) possibly distributed via their channels.

You've blown my comment out of proportion. It wasn't an attack on Apple nor anyone else.

I'm just stating that in Linux a lot of bugs are captured when the distro devs are packaging for their repositories (as it's not usually as simple as just adding a file to their catalogue).
So to debug them, they have to go in and amend the source code.
Hence why I suggested that malware could potentially be picked up there too.

The reason I state that this doesn't apply to Apple is simply because (AFAIK) their iPhones app store just receives binaries that they approve or deny.
So if there's malware - they can't amend the binary. They can only decline it.

But obviously the iPhones business model is different hence why I couldn't see Linux style repositories working on the iPhone (else Google wouldn't have gone down the closed source option as well with their Android app store)

I'm not trying to state that either business model is better nor that Linux will catch all malware (just that there's a potential for Linux to capture some before it hits the users much like how Apple strictly test their 3rd party iPhone apps before publishing them)


It is about centralized control, which in my opinion is a good thing. And when you remove the jargon and look this from more theoretical point, open source "repositories" and commercial "app stores" are pretty much the same thing.

I 100% agree and I never, at any point, claimed otherwise.

In fact, all of the points I've made re repositories have stated just this (though sometimes more inferred than literally stated)

Reply Parent Score: 2