Is Google Play Really Populated With Fake Apps?

Aug.26.14 | About: Alphabet Inc. (GOOG)

Summary

Trend Micro, a Japanese cyber-security software company, recently released a controversial 26-page report claiming that Google Play was inundated with fake and repackaged apps.

The report indicated that more than half of the fake apps carried malware.

Google realized gross revenue of $5 billion from app sales in 2013, and accounted for 75% of all mobile app downloads.

Trend Micro, a Japanese cyber-security software company, recently released a controversial 26-page report claiming that Google's (NASDAQ: GOOG, GOOGL) mobile marketplace, Google Play, was inundated with fake and repackaged apps, with more than half of the fake apps carrying malware. That's a very serious allegation, and one that can potentially have far-reaching consequences for Google Play. It's one thing when people routinely claim that Apple's (NASDAQ: AAPL) iOS is a lot more secure than Android; it's another thing altogether when a cyber-security company claims that more than half of the apps on Google Play are a potential hazard to users.

The question that begs for an answer is: were Trend Micro's bold claims warranted?

Serious claims

In its report, Trend Micro had specifically said that 77% of the top 50 Google Play apps had fake versions, with 51% of these fake apps classified as either aggressive adware or malware. Google Play has more than 1 million apps. The implication by Trend Micro's claims is that the sample it tested is representative of apps in Google Play.

There is no denying that Google Play is sometimes the target of malicious apps. For instance, according to Sophos Labs, Google found and removed about 100 malicious apps from Google Play in 2011. There are claims, however, that Google does not always act in a timely manner, and a malicious app can be downloaded several thousand times before somebody sounds the alarm. Still, 100 fake and malicious apps in about half a million or so apps (assuming that was the number of apps in Google Play in 2011) works out to 0.02%, and not 77% as Trend Micro claims.

There are other bold claims by an organization known as RiskIQ that its tests revealed that 42,000 of Google Play apps in 2013 were found to contain spyware and information-stealing software programs. That's a pretty big number since it works out to more than 4% of total Google Play apps. RiskIQ claims that Google managed to remove less than 25% of these malicious apps in 2013, compared to more than 60% removed in 2011.

Third-party apps to blame

Google is yet to confirm or deny the Trend Micro and RiskIQ claims. But there are some notable discrepancies. For instance, Sophos Labs claims that 100 fake apps were found and removed from Google Play in 2011, while RiskIQ puts the figure at 7,000.

Jack Wallen, a Tech Republic journalist, did some follow up on the Trend Micro report. When the journalist called HCK partners, the company that had sent out the controversial press release on behalf of Trend Micro, for clarification, the company said that all of the apps they had tested were from third-party sources and none came directly from Google Play. Talk of word play here.

Android Knox integration could be the panacea

Google Play is a very important revenue source for Google. The company realized gross revenue of $5 billion from app sales in 2013, and accounted for 75% of all mobile app downloads. App Store, on the other hand, realized revenue of $10 billion, despite accounting for just 18% of total mobile app downloads. The two companies usually retain 30% of revenue from app downloads after paying out 70% to developers.

The same story continued in the first-quarter of fiscal 2014, with Google Play having the lion's share of downloads but App Store laughing all the way to the bank.

Source: App Annie

But that's not all. Google also makes a lot of money from app-related ads. Although Google does not usually provide the revenue breakdown for Google Play, Citigroup analyst Mark May estimates that Google Play will generate net revenue of $3.2 billion in fiscal 2014 (ad revenue + Google's 30% cut on app downloads), or about 6% of the company's overall revenue, and the figure will grow at a CAGR of 43% to reach $7.2 billion by 2017.

Google can, therefore, hardly afford to take potentially damaging claims about its app store lightly. But, the good news is such claims, whether malicious or fully deserved, might soon become a thing of the past.

Google announced in June that it will integrate Samsung's Knox Security technology into Android. Users will be able to utilize Knox's superior security and data-separation capabilities later this year. The integration of Knox directly into Android will eliminate a major headache for Google, especially in the enterprise. iOS controls 71% of the enterprise mobility market, compared to just 25% for Android. Security concerns have remained a major roadblock for Android's penetration into the enterprise mobility market.

ABI research estimates that although enterprise mobility accounts for 30% of the mobility market, it's growing at twice the rate of the consumer mobility market and will reach $340 billion by 2017. A better and more secure Android platform has the potential to win Google more enterprise mobility customers.

Conclusion

Although its hard to ascertain whether or not the claims made by Trend Micro and other organizations regarding fake apps on Google Play are true, the integration of Knox into Android later this year might finally rest security concerns regarding Android and Google Play.

Disclosure: The author has no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.

The author wrote this article themselves, and it expresses their own opinions. The author is not receiving compensation for it (other than from Seeking Alpha). The author has no business relationship with any company whose stock is mentioned in this article.