Google Pulls 21 Malware Apps From Android Market 242
Hugh Pickens writes writes "CNN reports that Google has pulled 21 free apps from the Android Market that, according to the company, are aimed at gaining root access to the user's device, gathering a wide range of available data, and downloading more code without the user's knowledge. Unfortunately although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users. The apps are all pirated versions of popular games and utilities which once downloaded, root the user's device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID, and finally act as a wide-open backdoor for your device to quietly download more malicious code. 'If you've downloaded one of these apps, it might be best to take your device to your carrier and exchange it for a new one, since you can't be sure that your device and user information is truly secure,' writes Jolie O'Dell. 'Considering how much we do on our phones — shopping and mobile banking included — it's better to take precautions.'"
Exchange (Score:5, Insightful)
"it might be best to take your device to your carrier and exchange it for a new one"
Yeah good luck with that.
Re: (Score:2)
This advice reminds me of what became a solution rooted dells. TOss it and buy a new one. If you earn $100 and hour then yooooou cost your company about 2x in overhead. By the time you spend an hour diagnosing and 2 or 3 hours restoring your OS from scratch then you might as well have bought a more modern computer with the OS already installed.
So apparently people now have to throw their cell phones out every time they lose confidence in them. Will we have to run Virus software on all android phones? Lo
Re: (Score:2)
Who earns $100 an hour...?
Re: (Score:2)
You may not earn £100 for yourself, but your employer might bill your time with customers at £100/hour.
Re:Exchange (Score:4, Interesting)
You may not earn £100 for yourself, but your employer might bill your time with customers at £100/hour.
If you're being charged out at £100/hour you are probably earning about a third of that, going by the professional rule of thumb of one third salary one third overheads and one third profit.. £33/hour is about £60K/year, which sounds more likely than £200K.
Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.
Re:Exchange (Score:4, Funny)
Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.
The sad part of that statement is that a programmer who earns $10M (I assumed you didn't mean milli) a year still has to get a hooker in order to meet women.
Re: (Score:3)
Hookers don't get alimony and almost never get child support. It's not a "need" but more of a business decision.
Re: (Score:3)
Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.
The sad part of that statement is that a programmer who earns $10M (I assumed you didn't mean milli) a year still has to get a hooker in order to meet women.
Witness for the prosecution: Charlie Sheen, rich guy who uses hookers. Prosecution rests.
BTW: in financial parlance, M indicates thousand, since it's an abbreviation of the Latin mille, which means "thousand." So the superstar programmer earning $10,000/yr? Yep!
Re: (Score:2)
I call it the McCartney Equation. Take the cost of the relationship and divide by the number of days in that relationship. That is how much you could have spent on hookers per day and still broke even. (I think it worked out so that Sir Paul could have spent $5000 a day on hookers.)
If you went with a hooker every other day you could halve your expenses or get a higher quality hooker.
Re: (Score:3)
Take the cost of the relationship and divide by the number of days in that relationship.
There are other advantages of hookers. For example:
Some say that a hooker is more likely to give you an STD, but that only depends on what kind
Charlie Sheen's a programmer? (Score:2)
Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.
He's not a programmer, but other than that detail, you just described Charlie Sheen's life pretty closely.
Re: (Score:2)
Programmers acting like Charlie Sheen?? I don't think so.
Re: (Score:2)
Um, someone making $208K a year?
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
I would hope that most denizens of /. are aware of the specific imaging technologies and techniques that your mentioned.
The reason many MSPs are not using them is because of the cost of setup. It's easy to do a setup like that when the clients has 200 machines and they're all the same model. It's a bit tougher when the client has 15 machines and they all different makes and models.
Now distribute that problem across 30 clients and suddenly the automata becomes much more difficult to maintain.
Couple that with
Re: (Score:2)
The carriers, in most cases, actually do things to make this more difficult for even the most tech savvy of users, so forget about typical end users. But with that said, it would only make sense for there to be a simple kit made available by the carriers to "wipe and reflash" phones using images of their own making. Even in that case, it would be risky for typical end users to execute and would undoubtedly result in between 25% and 50% botched operations flooding customer support channels both over the ph
What is up with Android malware? (Score:4, Insightful)
I keep reading stories about Android malware. Why does Android attract more malware than any other phone platform?
I'm curious. It doesn't have the largest marketshare, so that argument is moot.
Re:What is up with Android malware? (Score:5, Insightful)
Re: (Score:2)
How exactly are they supposed to vet apps? Decompile them and analyse the code?
Re: (Score:2)
How exactly are they supposed to vet apps? Decompile them and analyse the code?
That appears to be what Apple does, rejecting any app that calls an undocumented function name.
Re:What is up with Android malware? (Score:4, Insightful)
How about just having a proper security system...
BlackBerries ask you for each privileged task the app wants, whether you want to always allow that task, always deny, or prompt when the app needs it...
Re: (Score:2)
And how does that protect against a trojan, exactly? Depending on the app, there may be nothing at all suspicious about its request for elevated privileges.
Re:What is up with Android malware? (Score:5, Informative)
Re: (Score:2)
The the trojan would just act nice for that test. It could use the vm hardware to figure this out or just a simple calendar check. This problem is impossible to solve without source code reviews, and even then it is very hard.
Re: (Score:2)
They have the source, they also take user reports and test stuff, even then bad software can get through. This is just a fact of life. Even in a 100% signed corporate pay for world just one employee at MegaSoftware can add malicious code to their applications. If he is sneaky enough it will get published.
Re: (Score:2)
It won't catch everything of course. Neither would Apple either assuming someone anticipated how the process usually works and took steps to avoid it. e.g. it should be relatively trivial with cloud based apps to produce something that looks innocent and benign to an inspector looking at the client assembly code bu
Re:What is up with Android malware? (Score:5, Insightful)
The other issue is that the way the application presents the security access it needs is, for the average user, completely confusing. You install an app and it gives you a list of 7 things it needs to do including things like "read phone state" and "access internet".
For overly simple apps it may be possible for something like "access contacts data" to be picked up as nefarious by the end user - but in the vast majority of cases there is a long list of permissions and the users are given no real help in understanding what it all means. As such, they blindly accept what is presented to them because they don't understand what the phone is trying to tell them.
(Hell, if I were to decline to install any apps where I didn't fully understand the access it was asking for I don't think I'd have anything installed on my device)
In short, whilst you cannot stop stupidity, there are some pretty major flaws in the user experience which isn't exactly helping people.
Re: (Score:3)
Re: (Score:2)
Android users are wealthy, creative, smart, well connected ect. and its 'worth' the code effort?
Or is it "Windows" easy to make a "wide-open backdoor"?
If this can be done in the wild, what can your gov do or contract to have done to your phone?
Re: (Score:3)
Can we try the reverse of the Apple/Windows malware for the OS X desktop market share idea?
No need to reverse it - Android has more market share than iOS, and it's growing.
There are more Blackberries than either at the moment, though. I guess Blackberries are more tighly locked down, and their users typically don't install frivolous apps, since they are usually work assets.
Re: (Score:3)
I see where you are going, and its dangerous territory.
Try to follow along:
1. Windows is the most secure OS ever.
2. Because it has a 90+% of the market, it attracts 100% of malware.
3. If even 1% of those malware writers targeted {other os} the world would be awash in {other os} viruses.
4. It is a good thing Windows is there to attract all this malfeasance.
So, we clear? Now, don't bother with any more pesky thinking and there won't be any problems.
Re: (Score:2)
Good question. I'm not sure how it works, but perhaps Android's developer registration makes it easy to anonymously create and publish the apps, whereas Apple's store is more picky about who and what is developed/distributed? Also, maybe the "open source" platform is easier to wire malicious code into.
Re: (Score:2)
Its mostly open and unlike linux which has even with the best distro has an at least slight learning curve an android phone is pretty much just pick up and go. With the availability of Android phones on carriers from prepay and even free with contract and no vetting system for apps its a very easy and logical target for those wanting to do harm.
Re: (Score:2)
The disadvantages are discussed here enough.
Re: (Score:2)
Too bad that testing does not work. They have had malware get into the market. This is not a simple problem to solve, you have unknown code with unknown inputs, how do you know what it does?
And remember that code may act nice in a simulator or on known test devices, or until it is downloaded by 100k users.
Re: (Score:2, Insightful)
That argument never made any sense anyway. If it did, Apache would receive the greater attention from the mal-intentioned than IIS, by far.
The whole "there aren't viruses on the Mac because nobody cares about that platform" argument goes right along with it.
Re: (Score:2)
If it did, Apache would receive the greater attention from the mal-intentioned than IIS, by far.
That argument assumes all attacks have the same intention. Notice Firefox has been getting more attention in recent months.
Re: (Score:2)
easy for users to give permission and no one asks themselves why a wallpaper app needs root access. on iOS the phone is locked down and users can't give this access in the first place
Tivoized (Score:3)
Luckily the source code is open
The source code of the Apache-licensed Android Open Source Project is open. The source code of the proprietary drivers linked to it, not so much.
so people can find and root out these issues
Except that won't help you if the problem is in the kernel and the only phones offered by carriers with coverage in your area have been tivoized with competently locked-down bootloaders, such as anything that Motorola made after the first Droid. Or by "root out" were you alluding to installing the fix using a privilege escalation ("rooting") exploit?
Re: (Score:2)
Attention: (Score:5, Funny)
"Please use only the official Google applications for harvesting your personal information."
Summary is wrong. (Score:2)
The apps are all pirated versions of popular games and utilities which once downloaded, root the user's device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data
Not all of them are pirated versions of popular games, and most of them don't try to root your phone.
Re: (Score:3)
Re: (Score:2)
...for who knows what reason.
Well now you know.
Re: (Score:2)
What about a full list? (Score:5, Informative)
Re: (Score:2)
FFS. I only have 2 market apps on my phone. One of them is Chess.. don't think I've actually run it yet, but this makes me want to not even try..
Re: (Score:2)
Re: (Score:3)
There's more than one free app called Chess. If you've got the one by Aart Bik, I think you're OK - his site and his blog all indicate he's an on-the-square android dev working for Google.
Re: (Score:2)
The first link has a partial list (17) of the apps which were pulled- here is a full list of apps from publisher Myournet (from this site [androidpolice.com]: * Falling Down * Super Guitar Solo * Super History Eraser * Photo Editor * Super Ringtone Maker * Super Sex Positions * Hot Sexy Videos * Chess * _Falldown * Hilton Sex Sound * Screaming Sexy Japanese Girls * Falling Ball Dodge * Scientific Calculator * Dice Roller * * Advanced Currency Converter * App Uninstaller * _PewPew * Funny Paint * Spider Man *
Neat, I've got all those!
Re: (Score:2)
Yeah, I almost downloaded that Scientific Calculator but I was too busy playing Angry Birds.
Re: (Score:2)
OTOH, a scientific calculator that requires access to *anything* is rather suspect.
Re: (Score:2)
iPhone suddenly looks wise (Score:2)
Re: (Score:2)
So should we give this horse corpse another few kicks or do you think we've gone about as far as we can go with it?
Re: (Score:2)
You don't understand. Android is based on Linux, and it's from Google--two of Slashdot's biggest loves. That automatically means it's the greatest thing ever and that no criticism is valid, and anyone who chooses an iPhone is brainwashed, dumb, trendy, and so on.
Never mind that Android isn't open due to carrier control, its unit sales are only because it's on multiple phones and carriers and gets slapped onto every crappy low-tier smartphone out there (complete with unremovable junkware), and the user inter
Re: (Score:2)
There is an implied trust when downloading an app from the official app store that that the app is safe for use. Users are far more likely to download something from the official app store compared to going to some random web site and allowing it to install stuff on your phone.
Comparing that to going to a web site that can jailbreak you phone is not the same situation.
Re:iPhone suddenly looks wise (Score:4, Interesting)
iPhone still looks wise comparatively (Score:3)
Because the evidence you provided was ONE issue and it was plugged quickly. And ironically, it was found by a jailbreaker and the only known exploit was to jailbreak your phone, not to root your phone and allow it to be controlled by someone else. Comparatively, here are 50,000 reasons the Android might be considered insecure.
The GP never said specifically the iPhone never had issues, and I'm not personally saying the Android is better/worse than iPhone in any way. I'm just pointing out your argument do
Re: (Score:2)
Jailbreaking and rooting are the same thing my friend ;)
Re: (Score:2)
Your quibbling over definitions when I clearly said "Jailbreak your phone" in the context of your OWN phone, and when I clearly said "root your phone and allow it to be controlled by someone else."
Congrats, you successfully pointed out weak grammar, I'm sorry. I know what they are, but the GGP post still didn't make a weighty point about comparable security and neither have you.
Re: (Score:2)
Sorry I didn't pick up on some definition you made up and instead used the actual fucking definition. Apologies my liege.
Re: (Score:2)
Re: (Score:2)
That's a jailbreak, not a vulnerability.
LOL. You visit a site using your browser, it downloads code that when run, gets root access. Luckily the jailbreakers are nice people and they prompt you before downloading that code, and after they get the root, they give it to you. What if the code downloaded itself silently, got root, and downloaded and installed malware instead?
The whole thing uses a vulnerability in the PDF rendering system by the way, which luckily (for the jailbreakers) uses a kernel function t
So... (Score:4, Funny)
"Unfortunately although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users"
Bet that remote kill and remove ability that some people were bitching about a few months back isn't looking like such a bad thing right now, is it?
Re: (Score:2)
Bet that remote kill and remove ability that some people were bitching about a few months back isn't looking like such a bad thing right now, is it?
In the case of trojans which open your machine and download additional code, it's not going to help you one bit. The damage is already done. Are there hidden rootkits for Android phones yet?
Re: (Score:2)
You can kill an app sure, but if these apps have rooted the phone - they could allow more stuff in :).
Re: (Score:2)
"You've downloaded a malicious app. Do you want to delete this app [yes/no/more info]?" or
"You've downloaded a malicious app. This app can be removed by downloading . Proceed [yes/no/more info]?"
This works until the app has enough access to remove the counter measures taken by Google.
Re: (Score:3)
Which raises an interesting question. When Apple did it (as in, discussed the remote kill switch, they haven't actually had to use it), everyone went bat-shit crazy. When Amazon did it, ditto.
When Google does it, it's good? Sure it may be for a good purpose, but the fact that it not only exists, but is used often enough.
And hell, even Apple has a problem in that
Uh, why? (Score:2)
"it might be best to take your device to your carrier and exchange it for a new one"
Why can't you just factory reset it?
Re: (Score:2)
Very helpful, thanks.
Maybe Apple's policies are not rooted in evil? (Score:3)
In light of this, perhaps Apple's app store policies are not quite as evil as they appear? I like open systems, and I like open source, but if it is a choice between a free-for-all where the managers of the trusted repository won't examine submitted apps vs. Apple's where one can be reasonably sure that every app is going to be safe, the iPhone looks like a safer bet for folks who install lots of apps.
Damage is done (Score:2)
As soon as an article about something like this hits the mainstream press, the damage is done from a marketing perspective. If Android (Marketplace) loses the trust of the users, Google may never be able to make it back up.
This is the reason Apple does things the way they do. Sure, it's draconian, but remember that we're still hearing about the "death grip" issue every couple of months. If Apple allowed a single popular piece of malware into their Store, it would be news everywhere. Instead, Apple has been
It almost makes me want to laugh... (Score:2)
Just the other day, Slashdot commenters were absolutely insisting [slashdot.org] that the only possible source of malware was 'untrusted' app stores. If only everyone got their apps from 'trusted' (read: "big corporate") websites then malware would never spread.
Re:This is one reason why I have an iPhone (Score:4, Interesting)
but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.
That's a "famous last words" just waiting to happen. Yes, it's arguably more unlikely. But to say it won't ever happen is just dumb.
Re: (Score:2)
Re:This is one reason why I have an iPhone (Score:4, Insightful)
but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.
That's a "famous last words" just waiting to happen. Yes, it's arguably more unlikely. But to say it won't ever happen is just dumb.
Sure it can happen. But unlike the Google store, at least in theory, Apple actually reviews each app and supposedly does basic analysis and testing. Simple solution, Google should have an option or something in their store to have the app verified as passing some sort of bare minimum testing for safety and security. Google Android isn't so perfect it can't learn from others...
Re: (Score:2)
Do Apple request source code, audit them and compile them?, NO, a smart developer just publish a very obfuscated app that start to do nasty things 6 months later of n number of application startups. A fake game, using the open source code but not open assets and name, was published on the Mac App Store (Lugaru) so unless Apple audit source code, everything is possible
Re: (Score:2)
the Lugaru-gate incident was about copyright.. not malware. Apple looks for code that does bad things.. they do not (and CANNOT) check to see that every single line of code in every single app is original (or at least does not otherwise violate someone eles's IP)
Re:This is one reason why I have an iPhone (Score:5, Informative)
Apple has let things slip through. Here's some examples:
http://www.macworld.com/article/152835/2010/07/iphone_flashlight_tethering.html [macworld.com] > app allows tethering as a hidden feature to being a flashlight tool.
http://www.appleinsider.com/articles/10/06/02/flurry_modifies_data_collection_after_being_called_out_by_steve_jobs.html [appleinsider.com] > Apple themselves being surprised that Flurry was collecting info on prototype versions of iOS...
There might be more - but in both these situations here are applications doing something that Apple didn't know they were doing and they were screened applications.
Re: (Score:2)
Tee hee
Love always,
-iOS
There's a little lesson in this for everybody in this thread: The more noisy you get about something, either pro or con, the more likely it is somebody's going to stoke the fire with comments like this. Think about that the next time you decide to bring product A into a thread about product B.
Drivers, not auto mechanics (Score:3)
iOS itself is malware from the users' point of view
Heck, iOS apps don't even have a list of privileges that the user can accept or decline when installing them from the App Store.
a fact easily overlooked by the brain-washed.
The unbrainwashed sometimes forget that a lot of people just want to get work done, not spend time fixing their tools. To make a car analogy: some people want to be drivers, not mechanics.
Re: (Score:2, Offtopic)
iOS[...] brain-washed.
The unbrainwashed sometimes forget that a lot of people just want to get work done, not spend time fixing their tools. To make a car analogy: some people want to be drivers, not mechanics.
Better car analogy: Some people use taxis all the time rather than learning to drive themselves -- sure it costs a lot more and doesn't get you there any faster, but the high cost confers high status and both a 4-year-old and a 90-year-old could use taxis (if they could afford them).
Re: (Score:2)
The unbrainwashed sometimes forget that a lot of people just want to get work done, not spend time fixing their tools.
Consumers believing this fallacy is what allows hardware manufacturers to ship non-free software. Free software "just works" when properly supported and is cheaper for users and HW makers. This is because its development costs are an order of magnitude smaller (not true for games, but you are talking about tools). If a nice slice of the marketplace started demanding Free software, they would start getting cheaper, better systems that don't lock them in and don't spy on their every move. To make a car analog
Re: (Score:2)
Free software "just works" when properly supported and is cheaper for users and HW makers.
How's that working for Nokia?
Besides, free software isn't the solution to shitty software. On the phone, the stakes are much higher. I'll stick with my "locked down" iOS over an OS that might break because what I thought was an ssh client was also harvesting personal information and giving it to someone for nefarious purposes.
Re: (Score:3)
Free software "just works" when properly supported and is cheaper for users and HW makers.
How's that working for Nokia?
What, you mean, is N900 easy to use? Jesus F. Christ, have you tried it? It's completely idiot-proof. It has apps for any IM, any email, has maps with gps, great voice interface, address book you can actually export, has firefox and an X desktop filled with 3d eye candy. Is it doing well in the marketplace? No, because no one gives a shit about running Free software, to their very own detriment, which was exactly my point.
over an OS that might break because what I thought was an ssh client was also harvesting personal information and giving it to someone for nefarious purposes.
You right, a Trojan masquerading as an ssh client is an issue every Debian user has to
Re:Drivers, not auto mechanics (Score:5, Informative)
The thing is - the free market takes care of you in situations like this. Those apps - I'm sure had 1 or 2 stars and market reviews along the lines of "malware" - plus the reviews I'm sure were not all that great either "Japanese screaming sexy girls" may have been popular, but its hard to mistake for anything serious like a SSH tool.
I know the CNN article said they were popular apps, but they never showed up on the marketplace home page and I've never heard of them (I've been using Android since the G1).
Also I should mention - even Apple has been a victim of malware. They themselves were shocked to notice that a company had been collecting information on internal iOS builds - they then changed the rules about what kinds of metrics apps could collect on the phone. There was that screensaver that made it onto the app store that was also a teathering tool. Apple isn't infallible when it comes to app use or claims.
Google really does have our back on this one ;).
Re: (Score:2)
The thing is - the free market takes care of you in situations like this. Those apps - I'm sure had 1 or 2 stars and market reviews along the lines of "malware" - plus the reviews I'm sure were not all that great either "Japanese screaming sexy girls" may have been popular, but its hard to mistake for anything serious like a SSH tool.
Wow, wait a little! You:
Decide a conclussion "the free market takes care..."
Based in the conclussion, decide what must have been the facts: "I'm sure had 1 or 2 stars" and do not even check them
Assume that popular is serious... sorry, maybe the fishbowl screensaver is neither serious nor sofisticated, but that does not mean it is not popular. Check Facebook if you have any doubt.
In fact, at least 50.000 customers have been "taken care of" in spite of the free market. And has stopped due to Google "pulling a
Re: (Score:3)
But free markets rely on proper design -- if people were allowed to sell stocks on the stock market without proper accounting or disclosures, then anyone who did disclose would be at a competitive disadvantage and there would be no disclosure, and eventually nobody would buy stocks except for a few insiders and dumb money.
If the laissez-faire outcome of only relying on "star" ranking is that only suckers and power users use the app market, then that's a market failure and bad for Android. The idea of rati
End users demand games. (Score:2)
Free software "just works" when properly supported and is cheaper for users and HW makers. This is because its development costs are an order of magnitude smaller (not true for games, but you are talking about tools).
End users demand games. Look at Apple, which for a while promoted its iPod touch as a handheld gaming device to compete with the Nintendo DS.
Re: (Score:2)
Invalid example (Score:3)
The example you're talking about:
So, really what you're saying is that if I modify a device that I've bought, and my modification causes a security vulnerability that som
Re: (Score:2)
Re: (Score:2)
before iOS gets to cocky. Can we remind people of http://apple.slashdot.org/story/09/11/08/1411259/First-iPhone-Worm-Discovered-Rickrolls-Jailbroken-Phones [slashdot.org]
Although it was only for jailbroken phones, and it wasnt malicious code, apple still got it first.
Ok, that's one. And exploiting a LONG-PATCHED vulnerability.
Now, find 20 more iOS examples, and we'll talk.
BTW, that's all that have been FOUND on the Android Marketplace; not HARDLY how many are likely to have actually been PUBLISHED there. And then there's all the OTHER sites selling Android malw... er, Apps...
I agree that with freedom comes responsibility; but this proves without question that it has NOTHING to do with WHERE an Android user actually DOWNLOADS an app from; but rather, Android's fund
Re: (Score:2)
It's not that nothing is happening. The applications still run, just with added malware in the background.
Re: (Score:2)
Re: (Score:2)
Flash a new OS on the device.
Re: (Score:2)
And, BTW, which scientific calculator do they mean?
https://market.android.com/search?q=scientific+calculator&c=apps [android.com]
If there are more than one app with the same name, tell us from which developer are the bad ones. As far as I see the app is still there!
Re: (Score:2)
As long as the comparison is interesting, I've got no trouble with that. There is quite a lot of things to be said about both ways of operating.
There are a few things Google can do to alleviate some of this - out of the top of my head:
- create a number of "Google approved" applications (much like the Apple store, but without disallowing anything), devs have to pay Google something to have them review the code I suppose)
- split applications into categories, the categories would allow them to highlight e.g. g