When I set out to shop the Chrome Web Store, I wasn't just browsing for fun. The The Chromebook Pixel's many charms had lured me toward Google's Web-centric Chrome OS, but I needed to know whether it offered an ecosystem I could live with long-term--especially since I'd be leaving behind all the Windows applications I've used for years. The Chromebook's popularity has only increased over the past year, so I couldn't be the only Windows user with a wandering eye.
I already knew that the Chrome Web Store offered decent alternatives to the business apps that I use most of the time. The bigger adjustment for me required basic trust. A Microsoft application, whatever its faults, rolls out on the desktop like a marching band, with a drum major, fanfare, and neat formations. You know you're getting something from a big company with some level of oversight and accountability. But the Chrome Web Store, has no marching band--just a mob of random players, all vying for my attention. Who are these people? Can I trust their apps? Finding the classy ones--and avoiding the creepy and the crummy ones--is a DIY job I didn't want.
Creepy: Bad Piggies malware and other epidemics
There are good reasons to be wary. Late last year, impostor versions of the popular Rovio game Bad Piggies created a malware epidemic in the Chrome Web Store. Before Google could get a handle on the situation, tens of thousands of users downloaded fake Bad Piggie games that displayed extra ads and sniffed out passwords. And just a few months ago, another Chrome app scam hijacked users' Facebook accounts to generate fake Likes and bogus posts.
Malware isn't exclusive to the Chrome Web Store, of course, but the way Google handles new apps invites trouble. Apple and Microsoft vet apps before allowing them to post on their app stores, but Google's automated scanning procedure checks new apps after they appear in the store. "That's a losing gambit," says Paul Roberts, editor of The Security Ledger, "because it still allows a window of time for malicious content to appear on the Chrome Web store."
Roberts says Google has addressed the biggest problem that led to the Bad Piggies malware: Chrome extensions, the little software programs that can modify the Chrome browser. "Google changed Chrome so that extensions could only be installed from the Chrome Web Store and not from third-party sites," he said. Google also disabled existing extensions that were installed by third-party applications.
What's puzzling is that Google's Android ecosystem is already plagued with malware, so you'd think the company would have tried to prevent a similar fate within the Chrome ecosystem. Google's reactive approach makes the thought of leaving the safe, cocoon-like environment of the Windows OS a lot harder, because we can never be quite so sure about what lurks on the Chrome OS frontier.
Sign up for CIO Asia eNewsletters.