"critical security problem: developers often store their secret keys in their apps software, similar to usernames/passwords info, and these can be then used by anyone to maliciously steal user data or resources from service providers such as Amazon and Facebook. These vulnerabilities can affect users even if they are not actively running the Android apps. Nieh notes that even "Top Developers," designated by the Google Play team as the best developers on Google Play, included these vulnerabilities in their apps."
One other interesting discovery by these researchers was:
". . . roughly a quarter of all Google Play free apps are clones: these apps are duplicative of other apps already in Google Play."
Which means that a large percentage of free Android apps are stolen from other developers. . . and downloading one has one chance in four of duplicating apps you already have. Since 70% of the apps in Google Play are free, almost 200,000 of the apps in the store are clones of other apps.
And that isn't all:
". . . the worst rated [Android app], still had more than a million downloads: it purports to be a scale that measures the weight of an object placed on the touchscreen of an Android device, but instead displays a random number for the weight."
In other words, being un-curated, there is no guarantee that apps do what they are advertised to do. Now it turns out that even the best of them have serious security issues built into them that can compromise many things for the developer and for the user.
Thanks for the explanation. I appreciate it.