July 27, 2012, 10:56 AM — Android is facing renewed criticism for its app distribution policies, which developers are calling "designed for piracy." Is this something that Google could have avoided a long time ago?
The hubbub is grounded in a story that hit the wires earlier this week about game publisher Madfinger Games having to drop the price of the game Dead Trigger from $.99 to free due to what they called "unbelievably high" piracy rates on Android.
On the same day, Scottish app developer Matt Gemmell chimed in with a very thorough examination of why piracy is such a problem on the Android platform. Gemmell's main point: Android's very openness enables far more piracy than there exist on Apple's iOS platform.
"If you don't already know how to install pirated software on your Android device, here's a tutorial on how to 'sideload' Android apps (in practice, as with most articles that mention 'backups' of software from nebulous sources, this is a tutorial about piracy)," Gemmell wrote.
The capability to sideload apps has long been a vector for potential malware on Android, and Gemmell levels charges that it's a big channel for piracy, too.
"The system is designed for piracy from the ground up. The existence of piracy isn't a surprise, but rather an inevitability," he adds.
Gemmell's comments are a spot-on observation. I always tell my friends not to sideload anything because of the malware vector problem, which has always bugged me about the Android. To discover that piracy is rampant enough to actually kill sales of apps is just mind-boggling.
The good news in all of this, if you can call it that, is that beginning with Android 4.1 "Jelly Bean," this problem will be alleviated.
"From Jelly Bean and forward, paid apps in Google Play are encrypted with a device-specific key before they are delivered and stored on the device. We know you work hard building your apps. We work hard to protect your investment," Google developer Angana Ghosh wrote on the Android blog June 27.
Author's note: Several readers have pointed out that app encryption has been around since Froyo, which is true. But according to this article, "in Jelly Bean, the forward locking implementation has been re-designed and now offers the ability to store APKs in an encrypted container that requires a device-specific key to be mounted at runtime." My error was in assuming the entire idea was new, but that was incorrect.
Note that I wrote "alleviated"--not "fixed." While apps will be locked to devices from Jelly Bean on, it does not affect the millions of earlier, non-Jelly Bean devices out there, which are still being sold and won't be updated to Android 4.1 anytime soon, if ever. Once again Android's fragmentation problem rises up to prevent needed innovation.
Which gets to what's really bugging me about this solution: why wasn't app encryption figured out and implemented before this? Surely this problem of piracy didn't happen overnight, and just as sure as the sun rises in the east, app developers would not have been quiet about their displeasure.
I realize that Google wants to tout Android's openness, but there's a difference between being open and being stupid. Linux, after all, is very open: but the operating system itself is locked down to prevent malware from running unchecked. Putting app encryption on Android doesn't keep apps from being bought outside Google Play, so the ecosystem is still open. It's just sideloading paid apps that will be prevented.
(And not, you will note, free apps, which means malware can still(!) have that vector.)
This is a solution that was long overdue, and I think it's carelessness on the part of Google to screw with its app developers like this. Contrary to popular belief, most people don't code for open source platforms purely for the enjoyment of being open. They also do it because they need to eat. Which means making money.
If Google was assuming that people would self-police themselves and keep sideloading to a minimum, they were playing a fool's game. It's not that smartphone users are hardened criminals--they actually may not understand that sharing an app is the same as stealing it--especially when the feature to share apps is so easily available.
Hopefully with this new block in place, piracy of paid apps will start to decline to reasonable levels and Android may finally be taken seriously by developers who want to get paid for their work.
Read more of Brian Proffitt's Open for Discussion blog and follow the latest IT news at ITworld. Drop Brian a line or follow Brian on Twitter at @TheTechScribe. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.