App stores have had a tough time recently. Not only has Apple had the task of cleansing its China region store of hundreds of popular apps which had been built using a subverted version of its Xcode SDK so that they came with free embedded malware (XcodeGhost), but several of the other stores have been wrestling with their own issues.
My own brush with these was when we babysat for our daughter after her wedding. Our 11 year-old grandson has a Nokia Windows 10 phone, and was looking in the official Microsoft app store for a free app which would let him play on a piano keyboard. He installed one and started to play on it. After a minute or so, up popped a browser window informing him that he had won an iPhone 6s in a Nokia competition – a bizarre idea to even the most naive! – and offered buttons to click and surrender his name, address, and other personal details.
I was shocked that such an overt phishing attack should come courtesy of an app from the official app store, but this appears to be not uncommon away from Apple’s often-criticised walled gardens.
Although there were various smaller precursors, app stores became serious business in 2008, when Steve Jobs finally accepted that iPhones needed third-party apps, and Apple launched its iTunes App Store for iOS. Since then, almost all the major players have dived in, and the current list (excluding games consoles) includes:
- Amazon Appstore for Android devices
- Apple’s iTunes App Store, for iOS phones, iPads, the Watch, and most recently Apple TV
- Apple’s Mac App Store for OS X
- Canonical’s Ubuntu Software Centre for Ubuntu
- Google’s Chrome Web Store for Chrome devices
- Google Play, for Android phones and other devices
- Microsoft’s Windows Store for Windows apps
- Microsoft’s Windows Phone Store for Windows 10 phone and similar devices (absorbed into the main Windows Store)
- Valve’s cross-platform Steam Store for games.
A few minutes spent searching for criticism of any of them will return sufficient hits to confirm that their success has been heavily qualified. In July 2015, Steam had a password reset bug which caused havoc for a while, and periodically there are claims that some Android apps have contained malware: DroidDream is probably the best-known example.
There has also been a succession of whingestorms on Twitter and other social media, resulting from apps which are pulled from stores, or refused by them, despite many users considering that they were acceptable. In an effort to protect their shop windows, each of the major app stores has long and complex policy documents which attempt to define what is, and what is not, acceptable. Inevitably these are sufficiently subjective as to tie the store operator in knots, when ‘tricky’ apps are submitted.
But many of these stores have become highly profitable, both in terms of direct sales, and indirect benefits by strengthening sales of mainstream products. They are also a major influence on operating system image, much like an Oxford Street or Fifth Avenue shop window: if the user sees a screenful of rip-offs and dodgy tat, then that brands the store, the operating system, and its host hardware.
Thankfully our grandson also has an iPad Mini, and will be looking in the iTunes App Store for something which he can trust. For now, at least.