The biggest news at Google's Honeycomb event last week was not the Honeycomb UI, but rather the updated Android Market. The Market is now web-based, making it utterly convenient to install applications across all of your Android devices, either from a PC or from any of the devices. Sophos Security (and AppleInsider, with undisguised glee) says that, in fact, it's a little too convenient.
The idea is that with iOS devices you either need to be accessing iTunes from your device or from the iTunes application linked to a particular device to install apps. With the new Android Market, though, all you need is a web browser and to be logged into your Google account. And AppleInsider puts it,
Unlike Apple's iTunes Preview website, which allows users to browse for apps on the web but then directs them to iTunes to securely complete their purchase, Google's new web-based Android Market allows users to select and buy apps directly on the web site and then have the apps remotely installed on their device, something that is touted as a unique feature. [But...]
What if somebody else installs an app on your account?
If someone were able to compromise your Google account (say, through a phishing scheme or brute force attack, then they could not only potentially register a new device with your account and buy countless copies of Fruit Ninja, but could also have rogue software automatically installed on your device without your consent.
The solution is to use a strong password on your Google account. Most of us, however, who are vested in the Google ecosystem, should have a mighty strong password anyway. I know, I know, most people don't, but given that the reach of Google into our personal and professional lives tends to be quite substantial, there's no excuse for "12345" or "password" or "googleisawesome."
Jason Perlow recommends biometrics and he's probably right. However (and this has always been the rub with the company), Google makes things so darned convenient and easy, that most of us are willing to give up some privacy, security, or other bit of our Internet soul in exchange for that one web service to rule them all.
Imagine, even, what the enterprise applications of Google's approach to app deployment could be. Acme Widgets buys 200 Android tablets for its sales staff. It also buys 500 Android phones for the rest of the organization. Every phone gets project management and expense accounting apps while tablets get Docs to Go as well. While we're not quite there from the enterprise perspective, the latest incarnation of the Android Market sets the stage for web-based remote software installs at scale. Have you tried deploying apps to hundreds of iPads?
And what the heck does Angry Birds have to do with any of this? Well, Rovio Software, maker of the wildly popular game, has announced new features that allow Angry Birds to be installed across a wider variety of Android devices. Ultimately, the company hopes that even the lowly Android 1.6 users will be able to play Angry birds. Or that Angry Birds will work on Google TV. Or that it will leverage the best features in Android 3.0. Rovio is at the forefront of making the Android platform fragmentation problem a non-issue, paving the way for the sort of mass deployments described above across heterogeneous devices.
Sure, Google's new web-based market has the potential for users to be stupid and for bad people to do bad things. It also has the potential for households to manage all of their app installations easily and economically and for enterprises to truly be able to manage Android deployments in really compelling ways. Change your passwords, folks. It will be worth the 30 seconds to be able to make use of the unique functionality of Android and its app model.