MobileRead Forums - View Single Post

zartemis · 01-01-2011, 10:42 PM

I gave this advice in the suggested app thread, but will repeat it here:

The official marketplace is really best. And you should always read comments before dowloading any app from there to make sure it isn't a rogue app. The iTunes app marketplace has a high degree of oversight from Apple, while the official Android marketplace has very little oversight. However, bad apps will eventually be removed when noticed by enough market users. If the app has a very low star rating, you probably don't want it (it is buggy, doesn't do what it claims, or is malicious).

Please be careful out there, you could install an app that phishes for your passwords or that sends out spam from your device when you are connected to wifi. Check the ratings, read the comments, and, for the most part, stick to apps offered in the official market. If the app isn't offered in the market you should find out why and be satisfied with the answer (reasonable reasons (IMHO): it is opensource and there isn't a dev responsible who wants to send it through the market, it's a beta version offered by a dev with a good track record of other quality market apps, or a free trial version is there but the dev doesn't like the market terms for the pay version and reliable people vouch for the app).

A good rule of thumb is to only use apps from the official market (don't install apk's directly) and only download if it has at least several hundred ratings and an average of 4 stars or more. Let other people guinea pig the newer apps if you are unsure.

Here's some additional advice on choosing and installing apps on your device:

Never enter a password into an app unless the app is from the company/website you have the password with. E.g. never enter your google/gmail password into an app unless it is published by google. The Android marketplace lists the developer for each app.

Most quality web services (like google) have a way for you to authenticate external programs without giving your password. For Google, you only want to use apps that use Google's OAUTH service. I'll give an example:

Memento -- a decent database application that allows you to sync your data with Google Docs/Picasaweb.

When this app first came out, the developer had set it up so if you wanted to sync with Google Docs you had to enter your google password into it. This is not good. You don't know how the app is written -- it could send the password back to the developer. No way was I using this feature. I and others requested that the developer use Google's OAUTH method. It has since been implemented. Now to sync with Google Docs you tap a button in the app which launches a web browser to www.google.com where you tell google that the app is OK. The app never gets your password but you have the ability to have that app sync with your account -- and you can withdraw that ability at any time, through Google (*)

If an app requires you to enter a password to a site not directly associated with the developer of that app, uninstall the app. Even if the app is strongly vouched for by other users, I still don't consider this safe. I never used the Memento syncing feature until OAUTH was implemented (the program is useful without the syncing feature).

* To view and change apps/websites that you allowed OAUTH access to, visit your Google account settings: https://www.google.com/accounts/ManageAccount and click "Change authorized websites".

01-01-2011, 10:42 PM	#5
zartemis Addict Posts: 283 Karma: 2002 Join Date: Nov 2007 Device: Kindle3, Kindle2, Nook, NookColor	I gave this advice in the suggested app thread, but will repeat it here: The official marketplace is really best. And you should always read comments before dowloading any app from there to make sure it isn't a rogue app. The iTunes app marketplace has a high degree of oversight from Apple, while the official Android marketplace has very little oversight. However, bad apps will eventually be removed when noticed by enough market users. If the app has a very low star rating, you probably don't want it (it is buggy, doesn't do what it claims, or is malicious). Please be careful out there, you could install an app that phishes for your passwords or that sends out spam from your device when you are connected to wifi. Check the ratings, read the comments, and, for the most part, stick to apps offered in the official market. If the app isn't offered in the market you should find out why and be satisfied with the answer (reasonable reasons (IMHO): it is opensource and there isn't a dev responsible who wants to send it through the market, it's a beta version offered by a dev with a good track record of other quality market apps, or a free trial version is there but the dev doesn't like the market terms for the pay version and reliable people vouch for the app). A good rule of thumb is to only use apps from the official market (don't install apk's directly) and only download if it has at least several hundred ratings and an average of 4 stars or more. Let other people guinea pig the newer apps if you are unsure. Here's some additional advice on choosing and installing apps on your device: Never enter a password into an app unless the app is from the company/website you have the password with. E.g. never enter your google/gmail password into an app unless it is published by google. The Android marketplace lists the developer for each app. Most quality web services (like google) have a way for you to authenticate external programs without giving your password. For Google, you only want to use apps that use Google's OAUTH service. I'll give an example: Memento -- a decent database application that allows you to sync your data with Google Docs/Picasaweb. When this app first came out, the developer had set it up so if you wanted to sync with Google Docs you had to enter your google password into it. This is not good. You don't know how the app is written -- it could send the password back to the developer. No way was I using this feature. I and others requested that the developer use Google's OAUTH method. It has since been implemented. Now to sync with Google Docs you tap a button in the app which launches a web browser to www.google.com where you tell google that the app is OK. The app never gets your password but you have the ability to have that app sync with your account -- and you can withdraw that ability at any time, through Google () If an app requires you to enter a password to a site not directly associated with the developer of that app, uninstall the app. Even if the app is strongly vouched for by other users, I still don't consider this safe. I never used the Memento syncing feature until OAUTH was implemented (the program is useful without the syncing feature). To view and change apps/websites that you allowed OAUTH access to, visit your Google account settings: https://www.google.com/accounts/ManageAccount and click "Change authorized websites". Last edited by zartemis; 01-01-2011 at 10:48 PM.