Hidden among the barcode readers, music players and games in the marketplace for Android software may be apps that could steal your online banking credentials or infect your phone.

Google removed about 1 percent of the apps posted to the Android Market last year, according to a 2009 filing Google made to the FTC (.pdf). While most of those apps were removed because of user complaints about adult content or copyright violations, two apps attempted to gain access to users' financial information, according to InformationWeek.

"I am surprised it is that much," says Artem Petakov, co-founder and CTO of WorkSmart Labs, which offers the Cardiotrainer app, referring to the number of apps removed. "I assumed the user reporting and flagging was working better than that."

The possibility of malicious apps in the Android Market has some developers wondering if Google needs to police the marketplace better. It has also raised questions about the impact of these security holes on consumer confidence and app marketing by developers.

Google launched the free, open source Android OS with the T-Mobile G1 phone in October 2008. Unlike Apple, which tightly controls the submission and the review process for its App Store, Google has taken a much more open approach with the Android Market. Developers don't have to wait for Google's approval to get an app into the store. Instead, the search giant and Android creator is counting on users flagging suspicious or malicious apps.

Last month, two credit unions posted a warning to their customers about a rogue app that uses phishing techniques to gain access to a user's banking credentials. Once Google was notified, it moved quickly to remove the app along with about 50 others written by the hacker.

Android Market's malware-related challenges are not surprising, says Patrick Mork, vice-president of marketing for GetJar, a company that has a catalog of 60,000 apps and runs its own app stores for phones.

"Whenever you have an app store, you always have a challenge with people putting inappropriate content or not following guidelines," says Mork. "It's part of the trade, what it takes to run a retail operation."

What Google needs is better monitoring systems and a greater emphasis on ensuring a vibrant yet safe marketplace.

"The most immediate thing they could do is to tighten up their content policing mechanisms," says Mork. "They could add more staff to review apps in greater depth."

Google declined to disclose how many employees it has policing the Android Market.

Android OS could make changes to its user interface to educate consumers who are downloading apps as to the kind of permissions the app has, says Petakov.

Google has a strong interest in keeping the Android Market clean and free. If consumers are spooked or worried about safety of the apps from the Android Market, it could lead to fewer app downloads. That in turn could eat away at developer support for the fledgling operating system.

"Running an operating system and running a retail store front are two different things," says Mork. "Consumer confidence is very important in the latter."

Still, the developers that Wired.com spoke to were clear that Android's open model needs to continue.

"We have benefited so much from the instant posting of our app," says Petakov. WorkSmart Labs releases a version of their app every two weeks. "I prefer this over the iPhone model."

See Also:

Photo: p_kirn/Flickr