Thursday 1 August 2019 4:08 am

‘Techlash’ risks making us less secure, as we swipe right for the Wild West of apps

Amelie Dunder is head of finance at Oslo-based app security company Promon.

It’s fair to say there’s been a lot in the news across the world recently.

Between a new British Prime Minister, protests in Hong Kong and Russia, foreboding temperatures, and Marks & Spencer scrapping its free biscuit offering, things have been uncharacteristically busy for this usually sleepy time of year.

As a result, I wouldn’t blame you for missing an innocuous-seeming technology story from a few weeks ago. The world’s cyber-Cupid, Tinder, declared that user payments would now be taken in-app, rather than through the Google Play Store. 

You can understand why this grabbed fewer headlines than the cabinet culls and a British confectionary revolution. Tinder’s decision, however, may be symptomatic of an immensely concerning trend. 

Match, Tinder’s parent company, changed its payments system in order to avoid Google’s blanket 30 per cent take on purchases made via the Play Store (which drops to 15 per cent after the first year). Given that Match makes nearly half its revenue through the Tinder app, bypassing Google’s commission seems to make commercial sense – reflected by the fact that Match’s share price increased 4.5 per cent on the day of announcement.

Match isn’t the first to perform this fiscal sidestep, either. Epic removed the Fortnite app from the Google Play store earlier in the year; Netflix stopped taking new user payments through the iOS app last December; and Spotify is currently arguing in the EU courts that the equivalent “Apple Tax” is in breach of competition law.

As an app security expert, this makes me nervous. The logical response from Apple and Google is to remove apps like Tinder from their platforms, meaning that if you want to swipe right you have to download the app outside of the ecosystem. Crucially, to do this a user has to activate the “allow installs from unknown sources” function on their device.

Suddenly, then, we’re living in the Wild West: a free-for-all where it’s the user’s responsibility to distinguish between genuine companies and cyber bandits. And this has real consequences.

Take the “Agent Smith” malware which infected 25m devices in Asia in July. Its route of entry was a “dropper” app, which mimics famous products but carries debilitating malware that can harvest data and install other malevolent programs. Downloading apps like this is the digital equivalent of leaving your front door open. 

2019 was predicted to be the year of the “techlash”, and there have been plenty of reasons for increased scepticism towards the digital giants. But we shouldn’t lose sight of how the Google Play and App Store infrastructures have been secure, user-friendly canvases on which developers around the world could innovate and build huge digital companies.

Google and Apple are far from perfect. But the digital perils in countries where they are banned (such as China, where there are over 400 different app stores) vindicate the expression “better the devil you know”. 

If the trend continues here and more purchase-requiring platforms follow in Tinder’s footsteps, the summer of 2019 might have another landmark moment: the beginning of the transition into the Wild West of apps.

Main image credit: Getty

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.