0
  • What checks (static analysis, dynamic analysis etc.) do Google, Apple, Amazon etc. do on their app stores with each app a developer submits? Are they automatic or manual?

  • Does any app store review every single line of code?

Sir Muffington
maskin
  • 2
    1) Your question is very broad: "What checks ... etc." is very broad, the list of companies is also very broad, especially because you use "etc." 2) The internal rules of particular companies are off topic on this site. One should ask those companies about their rules, not this site. All this makes the question off topic on this site. – mentallurg Dec 28 '22 at 11:58
  • This, like your other questions, is more like a research question with several components to it. And I don't think this is on-topic here. Like your efforts to create guides, this sort of thing would work well on a blog, not on a Q&A site. – schroeder Dec 28 '22 at 14:45
  • @mentallurg I'm not sure how one can find out these answers except by asking a community like this one, perhaps Super User StackExchange, but that's not security. For example, Apple doesn't seem to want to expand on what they do, even though the 3rd party store/side loading debate is happening right now? I figure this still fell under Risk management and policies so in scope. – maskin Dec 28 '22 at 17:32
  • 1
    @maskin: This site has some rules. Not every question can be asked here. For instance, you cannot ask questions like "What you think of ... ?" or "What product would you recommend to ... ?" or "Why the company X allows Y in their application?" etc. These can be interesting questions to many people. But they should be asked in *other* communities. – mentallurg Dec 28 '22 at 17:35
  • "*Does any app store review every single line of code?*" almost always no, considering that the source code is usually not uploaded to the app store. – Andrew T. Dec 29 '22 at 15:55
  • @AndrewT. Thanks, that's sad... – maskin Jan 02 '23 at 11:50
  • @mentallurg Yep, understood, I've tried to explain my reasoning, thanks for replying :-) – maskin Jan 02 '23 at 11:50

1 Answer

-1

All

  • Code review on each line of code

Probably no store does this

Major Stores

Google Play Store

  • Automated checks

Google Play Protect

  • Reported to be poor quality
  • Google doesn't care based on the lack of good positive coverage of this tool in 2022, Android came out several years ago?

"Play Protect falls short of the mark with disappointing third-party malware detection results" 1

"The good news is that its ability to find and remove dangerous code is improving." 1

"Google should steal a page from Microsoft’s playbook by throwing extra resources and talent at Play Protect to make it a world class security app that just happens to be free. Over the last three years, Microsoft transformed its Defender malware product from a joke into one of the best ways to protect devices." 1

Emphasis/grammar edited by the author, Source dated 02 June 2022

iOS

App Review

App Review by Apple employees

  • "Inside the app review team, Apple employees manually screen every single iPhone app before they become available to download on Apple’s platforms, the people said." 3

  • "Reviewers compare the app with Apple’s public App Store guidelines, including making sure it runs without crashing and isn’t full of illegal content. Then the reviewers make a call whether to accept, reject or hold the app. Most reviewers spend only a few minutes per app, but many apps are simple and only require a short period to evaluate, the people said." 3

3rd party Android stores

Amazon AppStore

??

F-Droid

??

Neo Store

??

IzzyOnDroid

??

APKMirror

??

Aptoide

??

Aurora Store

  • Different frontend for Google Play, I guess

Sandboxed Google Play

  • GrapheneOS is not a separate store

Sources 1 2 3 4 5

maskin
  • 1
    Welcome to the community. Sorry for the downvote, this usually doesn't happen here. But I have to point out, that your answer is very non-technical and vague in my humble opinion, then again we can't really know what specific automatic reviews are done by companies either... P.S. no, I didn't downvote your answer and question. – Sir Muffington Dec 28 '22 at 11:03
  • Again, you are trying to bite off more than you can chew and added a ton of off-topic material. The question you asked was "how do they do the checks?" Keep your answer to that. – schroeder Dec 28 '22 at 14:43
  • @SirMuffington Thank you – maskin Dec 28 '22 at 17:30
  • @schroeder Damn, that's frustrating, I did strip a lot of notes out – maskin Dec 28 '22 at 17:30
  • 1
    I did a quick google search for Google Play Protect (the name for their app scanning programme) and there is so much detailed info about how they check, what they check for, etc. that it would be *impossible* to include it all here. So, I really do not think that this is answerable on a Q&A site. Again, you can tackle this research project, but post your results on a blog or something. This is not the best place for this. – schroeder Dec 28 '22 at 18:24
  • @schroeder Thanks, from searching not sure Google cares that much about making it a good product though? "Google Play Protect .... but that’s where it stops. Play Protect falls short of the mark with disappointing third-party malware detection results. The good news is that its ability to find and remove dangerous code is improving." https://www.tomsguide.com/reviews/google-play-protect Dated June 02 2022 – maskin Jan 02 '23 at 11:52
  • "Google ... Microsoft’s playbook by throwing extra resources and talent at Play Protect to make it a world class security app that just happens to be free. Over the last three years, Microsoft transformed its Defender malware product from a joke into one of the best ways to protect devices." https://www.tomsguide.com/reviews/google-play-protect Dated June 02 2022 – maskin Jan 02 '23 at 11:52
  • @schroeder Err URLs please if that isn't too much trouble? I'll be sure not to update the answer here as we've agreed that's out of scope – maskin Jan 02 '23 at 12:03