[New report] Demographic Analysis of Google Play

Florence Broderick    17 March, 2016

Download the new report shows that Tacyt had dissected a total of 3,365,527 applications from the Google Play Store, of which only 2,438,864 remained available for download on the market.

The study conducted by ElevenPaths’ Analyst Team aims to study the population of developers and applications in the Google Play Store in early February 2016, to determine its size, structure, evolution and general characteristics from a quantitative point of view.

Tacyt has been used as a source of information. Tacyt is an innovative cyberintelligence tool that monitors, stores, analyses, correlates and classifies millions of mobile apps thanks to its big data technology, adding thousands of new applications every day.

Some details of the report:

  • According to the email address used by the developer in the Google Play Store (developerEmail), Tacyt has information on 678,328 different developers. About 44% of email addresses present in the Google Play Store belong to the “gmail.com” domain.
  • Google requires developers to sign all their applications prior to being published in the Google Play Store. This certificate is used to identify the author of the application. The total number of different certificates found by Tacyt has been 805,731. Even though the vast majority of certificates found are associated with a single email address, there are exceptions. Even one certificate related to more tan ten thousand different email addresses has been found.
  • Sharing the same certificate among several developers is not a recommended best practice from a security standpoint, since it could compromise the apps’ update process or the information they handle. Of the 805,731 certificates (certificateFingerprint) known by Tacyt, 761,389 are associated with a single developer email address (developerEmail). The rest is used by two or more different developer email addresses to sign their applications.
  • Even though the use of digital certificates for the signing of software should identify the individual or entity behind the software in an unambiguous manner, this report shows through the use of numbers that Google Play facilitates the abuse of this concept and this might lead to situations where suchidentification becomes compromised.

» Download now the full report “Demographic Analysis of Google Play″

*You may also be interested on:

Further information

Leave a Reply

Your email address will not be published. Required fields are marked *