The Windows Store took a hammering when it first launched back in early 2012. It was widely criticized for a poor selection of apps, its usability was terrible, and the apps themselves lagged way behind their desktop counterparts in terms of features.
But the biggest problem it faced — and still faces — is security. It was littered with scams and copycat products, seemingly innocuous apps were found to harbor malware, and the list of requested permissions was often out of control.
But has the situation got any better? Is the Windows Store now a reliable and secure service, or are there still problems?
In this article, I take a look at what the store used to be like, what it’s like now, and draw some comparisons with other popular app stores.
The Way It Was: Fake Apps Everywhere
Originally, the Windows Store offered a poor user experience. Searching for popular software — such as the incredibly versatile VLC Player or iTunes — would yield thousands of results. Hundreds of them would copy the legitimate app’s logo, description, and screenshots.
Just take a look at what a search for VLC used to look like:
And here’s a screenshot of two apps purporting to be Apple’s iTunes software:
If you weren’t a savvy computer user, it was easy to be lured into the trap.
The trap was especially effective if there wasn’t an official version of the app in the store. For example, because VLC made an app, the legitimate download was listed first. Apple did not release a Windows Store version of iTunes — so every single listing was fake.
Often, the only way to tell the app was not the real thing was to read the small print, but even that wasn’t a foolproof method.
The fact Microsoft allowed all these apps to enter the app store is bad enough in itself — but the worst part is that thousands of users were ripped off in the process. The fake apps almost always charged for the download, and prices as high as $10 USD were not uncommon.
Why was Microsoft so slow to respond to these complaints? The cynics would say it’s because the company took a cut of every sale.
What’s the Current Situation?
The situation has improved greatly; Microsoft have introduced lots of new checks and balances, and it’s easier than ever to find apps you can actually trust.
For example — the store’s terms and conditions have become a lot more robust.
They now include the following line:
Security tests: This first test checks your app’s packages for viruses and malware. If your app fails this test, you’ll need to check your development system by running the latest antivirus software, then rebuild your app’s package on a clean system.
They also address the fake apps problem:
Offer real value with your app. Provide a compelling reason to download your app from the Store.
Don’t mislead our joint customers about what your app can do, who is offering it, etc.
Don’t attempt to cheat customers, the system or the ecosystem. There is no place in our Store for any kind of fraud, be it ratings and review manipulation, credit card fraud or other fraudulent activity.
Sounds great, but there are still issues.
The Malware Problem
It’s worth noting that back in 2014, when the fake apps problem was at its peak, there was no evidence of malware at play. Malwarebytes and Avast both said they couldn’t find any apps laced with malware within the store.
However, some of the shadier apps undoubtedly have a malware problem — with the viruses often being delivered by deceptive in-app messages.
For one such example, you only need to look back to May 2016. A BitTorrent client called Torrenty presented itself like this after being opened for the first time:
It looks fine in theory — but that “Update pending” message was not part of the app’s interface. It actually linked to a web page that immediately tried to download a program titled Setup.exe. According to ZDNet, the file was flagged as dangerous by 24 different anti-virus scanners.
A year ago, another user complained that his daughter had downloaded an app called Video + Subtitle DX. It had changed his search screen, placed adverts all over the operating system, and installed a remote access application.
A cursory Google search reveals many similar instances.
At Least It Includes a Digital Signature
One redeeming feature of the store is that it makes use of digital signatures.
These allow the store to know which apps are installed on your machine, along with their key characteristics.
If malware tampers with an app’s code, the app will no longer match its signature. Windows detects the mismatch and blocks the app from running. It’ll even download a new, clean version from the store.
It’s not fail-safe — hackers are notorious for finding bypasses and loopholes — but it’s a step in the right direction.
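To see how Windows currently classifies the packages on a machine, the following read-only PowerShell check lists any package that is not store- or system-signed or whose integrity status is not clean. It is an added example, not part of the original article; the function name Get-SuspectAppxPackage is hypothetical, and it assumes a Windows version whose Get-AppxPackage output exposes the SignatureKind and Status properties.

```powershell
# Added example: list installed app packages whose signature origin or
# integrity status deserves a second look. Read-only; changes nothing.
function Get-SuspectAppxPackage {
    param(
        # Package objects to inspect; defaults to the current user's packages.
        [object[]]$Package = (Get-AppxPackage)
    )

    foreach ($p in $Package) {
        $reasons = @()

        # 'Store' and 'System' are the signature kinds of store-delivered and
        # built-in packages. Developer, Enterprise or None mean the package
        # reached the machine some other way (sideloading).
        if ("$($p.SignatureKind)" -notin @('Store', 'System')) {
            $reasons += "signature kind: $($p.SignatureKind)"
        }

        # Status is 'Ok' when Windows has found no problem with the package.
        # Values such as Modified, Tampered or NeedsRemediation report that
        # Windows detected changed or damaged package content.
        if ("$($p.Status)" -ne 'Ok') {
            $reasons += "status: $($p.Status)"
        }

        # Development-mode packages are registered from loose files on disk.
        if ($p.IsDevelopmentMode) {
            $reasons += 'registered in development mode'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name      = $p.Name
                Publisher = $p.Publisher
                Reasons   = $reasons -join '; '
            }
        }
    }
}

Get-SuspectAppxPackage | Sort-Object Name | Format-Table -AutoSize -Wrap
```

An empty result means every package for the current user is store- or system-signed and reports a clean status.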
How Does the Windows Store Compare?
How does Microsoft’s offering stack up against its three biggest rivals: the Google Play Store, Apple’s App Store, and Ubuntu’s Apps Directory?
Here’s a quick summary of the security features in place across those three stores.
Apple App Store
Apple’s App Store is thought of as the gold standard in terms of security. In theory, it’s bulletproof — everything needs to run in a sandbox, apps can only communicate through pre-approved Apple channels, and the company boasts a dedicated team of app reviewers.
But even the sector’s original trendsetter isn’t immune from problems.
For example, in February 2016 it was discovered that Chinese developers had managed to upload an app that was actually a third-party App Store client. It presented itself as an English-learning app to reviewers and people on IP addresses outside China, but within China, it showed users how to set up a provisioning profile and download modified versions of popular apps for free.
It’s not a stretch of the imagination to understand how this loophole could be exploited by serious cyber criminals.
Google Play Store
Google Play has suffered from its own problems in the past. The store still isn’t as robust as Apple’s offering, but it’s been getting much better.
Google now claims it vets every app developer, insists installed apps are regularly scanned for problems, and also requires every app to be housed in a virtual sandbox.
Ubuntu Apps Directory
Ubuntu’s developers don’t have the financial clout of Microsoft, Apple, or Google – but they still manage to do a rigorous job of keeping the store safe.
They also use a review process for new apps and all apps in the store run under “confinement”. In practice, it means apps only have read/write access to a set of specific directories and they need to declare security policy groups for access to be granted to most of a device’s functionalities and content.
Are they better or worse than the Windows Store? You can draw your own conclusions.
Do You Trust the Windows App Store?
What have your experiences with the Windows Store been like?
Were you caught out by a rogue app? Did you discover malware in something you downloaded? Or do you think the store’s reputation is now largely unfair given the recent improvements?
You can let us know your thoughts and opinions in the comments section below.