Severe Security Flaws Found In Security Apps

August 1st, 2014

Trend Micro has a post on how flaws have been found in some file locker apps. The problem is that developers have mistakenly thought that hiding sensitive information makes it secure. Unfortunately, you can’t get security through obscurity. The scary thing is that consumers have been trusting these apps with their particularly sensitive information. One of the apps has over 50 million downloads and others have been downloaded by millions of users.

The apps should be encrypting data and also securing the decryption key.

Android vs iOS Device Replacement

July 31st, 2014
Benedict Evans has some analysis on Android device replacement. He concludes that people are replacing their Android devices more frequently than the 24-month industry average. During the recent peak growth period, replacement was closer to one year. Benedict supposes that the iPhone replacement cycle is longer than 24 months.


An interesting observation is that the…

"Android ecosystem has to sell significantly more phones than Apple to get the same number of active users"

and

"a given number of iPhone unit sales might mean more customers than the same number of Android unit sales"

The comments in Benedict’s blog post provide some guesses as to why the replacement cycles differ. Meanwhile, it’s good news for developers. It means that older devices, on older versions of Android, are quickly being replaced by devices running newer Android versions. We can also see evidence of this in the Google Dashboard, where Android 4.0.3+ now represents over 85% of devices (accessing the Play Store). For most projects, we have already reached the point where it’s economically unviable to develop for pre-Android 4.0.3 (ICS), which also eases the complexity of most Android app development.

IDC Smartphone Vendor Stats

July 30th, 2014

IDC has new smartphone vendor shipment stats for Q2/2012. After the pre-2013 growth, smartphone shipments have plateaued at around 280 million devices per quarter. However, as time progresses, the incumbents Samsung and Apple are seeing increased pressure from Huawei, Lenovo and ‘others’ who are gradually gaining market share.

While Samsung and Apple remain strong, if the trend continues then developers can expect to see a greater variety of ‘top-used’ devices in the coming years.


Android Security Perfect Storm Pending?

July 29th, 2014

Last January I reflected on my Android-only strategy and commented that a worrying area is Android security. The severity and number of vulnerabilities have since grown. For example, only today, the FakeId bug was publicised that affects all versions of Android from 2.1 to 4.4. Allied to this is poor security in top used apps. Again, only yesterday, it was found that Instagram doesn’t use https. People in the Android system need to better understand what they are up against.

Are we heading for an Android security perfect storm event? I really hope I am wrong but I think it’s probably only a matter of time before Android sees a significant security scare involving a very large number of people. 


Has Your Android App Been Repackaged as Malware?

July 25th, 2014

Trend Micro have an interesting recent article on repackaged Android apps. That is, apps that have been downloaded, reverse engineered, modified and re-uploaded to app stores to look like the original app. Modifications often include malware to capture private data and/or generate income from advertisements. Trend Micro found that nearly 80% of the top 50 free apps on the Play store had bogus versions.


This is not to say apps downloaded from the Play store are likely to be re-packaged. Trend Micro said none were found on the Play Store but instead were on other 3rd party stores.

Nevertheless, it’s a problem if you are a developer or stakeholder of an app. Someone is using your IP to generate income and/or infect people who might eventually blame you. You will also end up providing support for those bogus apps. I have some further information if you wish to make your app more difficult to reverse-engineer.


IDC Tablet Shipments Q2 2014

July 24th, 2014

IDC has the latest Q2 2014 tablet shipments. The market declined a little by 1.5% with Apple and Acer seeing the larger market share losses. Lenovo saw the largest market share percentage gain. However, a large percentage gain of not a lot (2.4%) is still not a lot (3.3%).


IDC say the market is being impacted by the rise of large-screen smartphones and longer than anticipated ownership cycles. 

Assessing App Store Revenue

July 23rd, 2014

Benedict Evans has an insightful post comparing Google and Apple app store revenue. Only very recently has Google publicly stated Play Store revenue, I guess because only recently has it become large enough to compare to the Apple App Store. The main conclusion is that while Google has about double the number of devices, it pays out about half that paid out by Apple.


Benedict explains that app store revenue isn’t an ideal way to compare the platforms/stores because the majority of the revenue is for games. I suspect things might look different if games were excluded. Also, the numbers don’t include revenue on other 3rd party app stores such as Amazon. Benedict also asks what will happen in the near future when the Android user base will double but Apple’s won’t.

Whatever the outcome, the key thing for me is that app store revenue is mostly irrelevant. I have observed that none of my clients over the last two years have sold apps - not even via in-app purchases (IAP). Maybe this reflects the fact that the majority of app store revenue is for games. Instead, my clients have been more interested in using mobile as a tool for getting important things done. Those ‘things’ have either been a small yet important part of their business or in a few cases have used a specific kind of device, for one purpose, to create a new business. They are not selling apps, they are selling products based on apps.


New Android 4.3 Quad Core Single Board Computer (SBC)

July 22nd, 2014
A Kickstarter project came to fruition recently with the availability of the UDOO quad core 1GHz single board computer that can run Android 4.3. The board measures only 11cm x 8.5cm and has 76 fully available GPIOs, HDMI, WiFi, Ethernet, USB, Mini USB and type A USB.

 


This board is great for experimentation and might even find itself used in Internet of Things (IoT) projects.
