
How Secure Is the Windows App Store?

Dan Price 02-09-2016

The Windows Store took a hammering when it first launched back in early-2012. It was widely criticized for a poor selection of apps, its usability was terrible, and the apps themselves lagged way behind their desktop counterparts in terms of features.


But the biggest problem it faced — and still faces — is security. It was littered with scams and copycat products, seemingly innocuous apps were found to harbor malware, and the list of requested permissions was often out of control.

But has the situation got any better? Is the Windows Store now a reliable and secure service, or are there still problems?

In this article, I take a look at what the store used to be like, what it’s like now, and draw some comparisons with other popular app stores.

The Way It Was: Fake Apps Everywhere

Originally, the Windows Store offered a poor user experience. Searching for popular software — such as the incredibly versatile VLC Player or iTunes — would yield thousands of results. Hundreds of them would copy the legitimate app’s logo, description, and screenshots.

Just take a look at what a search for VLC used to look like:


[Image: VLC in Windows]

And here’s a screenshot of two apps purporting to be Apple’s iTunes software:

[Image: iTunes in Windows]

If you weren’t a savvy computer user, it was easy to be lured into the trap.


The trap was especially effective if there wasn’t an official version of the app in the store. For example, because VLC made an app, the legitimate download was listed first. Apple did not release a Windows Store version of iTunes — so every single listing was fake.

Often, the only way to tell the app was not the real thing was to read the small-print, but even that wasn’t a fool-proof method.

The fact Microsoft allowed all these apps to enter the app store is bad enough in itself — but the worst part is that thousands of users were ripped off in the process. The fake apps almost always charged for the download, and prices as high as $10 USD were not uncommon.

Why was Microsoft so slow to respond to these complaints? The cynics would say it’s because the company took a cut of every sale.


What’s the Current Situation?

The situation has improved greatly; Microsoft have introduced lots of new checks and balances, and it’s easier than ever to find apps you can actually trust.

For example — the store’s terms and conditions have become a lot more robust.

They now include the following line:

Security tests: This first test checks your app’s packages for viruses and malware. If your app fails this test, you’ll need to check your development system by running the latest antivirus software, then rebuild your app’s package on a clean system.

They also address the fake apps problem:


Offer real value with your app. Provide a compelling reason to download your app from the Store.
Don’t mislead our joint customers about what your app can do, who is offering it, etc.
Don’t attempt to cheat customers, the system or the ecosystem. There is no place in our Store for any kind of fraud, be it ratings and review manipulation, credit card fraud or other fraudulent activity.

Sounds great, but there are still issues.

The Malware Problem

It’s worth noting that back in 2014, when the fake apps problem was at its peak, there was no evidence of malware at play. Malwarebytes and Avast both said they couldn’t find any apps laced with malware within the store.

However, some of the shadier apps undoubtedly have a malware problem — with the viruses often being delivered by deceptive in-app messages.

For one such example, you only need to look back to May 2016. A BitTorrent client called Torrenty presented itself like this after being opened for the first time:

[Image: Torrenty screenshot]

It looks fine in theory — but that “Update pending” message was not part of the app’s interface. It actually linked to a web page that immediately tried to download a program titled Setup.exe. According to ZDNet, the file was flagged as dangerous by 24 different anti-virus scanners.

A year ago, another user complained that his daughter had downloaded an app called Video + Subtitle DX. It had changed his search screen, placed adverts all over the operating system, and installed a remote access application.

A cursory Google search reveals many similar instances.

At Least It Includes a Digital Signature

One redeeming feature of the store is that it makes use of digital signatures.

These allow the store to know which apps are installed on your machine, along with their key characteristics.

If an app’s code is attacked by malware, the signature of that app will be changed. This alerts Windows and the operating system will block the app from running. It’ll even download a new, clean version from the App Store.

It’s not fail-safe — hackers are notorious for finding bypasses and loopholes — but it’s a step in the right direction.
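
As an added example (not from the original article), the PowerShell function below lists installed app packages whose signature did not come from the Store or the system, or whose status Windows reports as anything other than Ok. It assumes the built-in Appx module's Get-AppxPackage cmdlet and its SignatureKind and Status properties; the function name Get-AppPackageSignatureReport is hypothetical.

```powershell
# Added example: audit installed app packages by signature origin and
# integrity status. Run in PowerShell on Windows 8 or later.

function Get-AppPackageSignatureReport {
    # Audits the current user's packages by default.
    # Use -AllUsers from an elevated prompt to cover every account.
    param([switch]$AllUsers)

    $packages = if ($AllUsers) { Get-AppxPackage -AllUsers } else { Get-AppxPackage }

    foreach ($pkg in $packages) {
        $kind    = [string]$pkg.SignatureKind   # Store, System, Developer, Enterprise or None
        $status  = [string]$pkg.Status          # 'Ok' when Windows reports no problem
        $reasons = @()

        # Packages delivered by the Store are signed as 'Store';
        # built-in Windows components are signed as 'System'.
        if ($kind -notin 'Store', 'System') {
            $reasons += "signed as '$kind', not by the Store"
        }
        # Any status other than Ok means Windows has flagged the package.
        if ($status -ne 'Ok') {
            $reasons += "package status is '$status'"
        }
        # Development-mode packages are registered from loose files,
        # not installed from a signed Store package.
        if ($pkg.IsDevelopmentMode) {
            $reasons += 'registered in development mode'
        }

        [pscustomobject]@{
            Name          = $pkg.Name
            Publisher     = $pkg.Publisher
            SignatureKind = $kind
            Status        = $status
            NeedsReview   = ($reasons.Count -gt 0)
            Reasons       = $reasons -join '; '
        }
    }
}

# Show only the packages that deserve a closer look.
Get-AppPackageSignatureReport |
    Where-Object NeedsReview |
    Sort-Object Name |
    Format-Table Name, SignatureKind, Status, Reasons -AutoSize -Wrap
```

An empty result means every package for the audited account is Store- or system-signed and reported as Ok; sideloaded line-of-business apps will legitimately appear with an Enterprise or Developer signature.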

How Does the Windows Store Compare?

How does Microsoft’s offering stack up against its biggest three rivals, the Google Play Store, Apple’s App Store, and Ubuntu’s Apps Directory?

Here’s a quick summary of the security features in place across those three stores.

Apple App Store

Apple’s App Store is thought of as the gold standard in terms of security. In theory, it’s bulletproof — everything needs to run in a sandbox, apps can only communicate through pre-approved Apple channels, and the company boasts a dedicated team of app reviewers.


But even the sector’s original trendsetter isn’t immune from problems.

For example, in February 2016 it was discovered that Chinese developers had managed to upload an app that was actually a third-party App Store client. It presented itself as an English-learning app to reviewers and people on IP addresses outside China, but within China, it showed users how to set up a provisioning profile and download modified versions of popular apps for free.

It’s not a stretch of the imagination to understand how this loophole could be exploited by serious cyber criminals.

Google Play

Google Play has suffered from its own problems in the past. The store still isn’t as robust as Apple’s offering, but it’s been getting much better.


Google now claims it vets every app developer, insists installed apps are regularly scanned for problems, and also requires every app to be housed in a virtual sandbox.

Ubuntu Apps Directory

Ubuntu’s developers don’t have the financial clout of Microsoft, Apple, or Google – but they still manage to do a rigorous job of keeping the store safe.

They also use a review process for new apps and all apps in the store run under “confinement”. In practice, it means apps only have read/write access to a set of specific directories and they need to declare security policy groups for access to be granted to most of a device’s functionalities and content.

Are they better or worse than the Windows Store? You can draw your own conclusions.

Do You Trust the Windows App Store?

What have your experiences with the Windows Store been like?

Were you caught out by a rogue app? Did you discover malware in something you downloaded? Or do you think the store’s reputation is now largely unfair given the recent improvements?

You can let us know your thoughts and opinions in the comments section below.
