04/17/2014 09:12 pm ET Updated Jun 17, 2014

The Trust Gap: Heartbleed, Virus Shield, and the Growing Challenge for Android App Developers

Recently I was speaking on a panel at an app developer event, when the moderator asked us why most app developers continue to develop apps for iOS first (or sometimes exclusively) despite the fact that Android has a far larger market share and expects to expand the gap with iOS over the coming years.

In my experience, the question has a very simple answer: iOS remains the most profitable ecosystem for app developers. Despite Google's widening lead in device sales and installed base, developers earn twice as much money on Apple. It also requires more time and money to develop for Android due to the fragmentation of the operating system. Emu founder Dave Feldman famously tested the obstacles of pursuing an Android-first strategy. His experiment didn't last long.

To me, the more interesting question is, "Why do developers make twice as much money on iOS?"

During the same panel, one of my fellow Android-wielding panelists offered some insight into the issue when explaining she "doesn't pay for apps on principle." Her response suggests that part of the challenge for developers on Android is a cultural one. The revenue numbers and research from Distimo, Statista, and Flurry all provide unconditional support for that theory. Many Android users look at their devices and apps much like they look at the Web, where the idea of paying to access a website or service is simply a non-starter.

Higher levels of piracy and lower income levels among Android users also play a role, but many are concerned that things are about to get even worse for developers on the Android platform.

The Trust Gap

Most developers I've talked to recently also express concern about the growing "Trust Gap" between Android and other mobile operating systems. We already know that 97 percent of all mobile malware targets Android, but recent revelations could make Android users even more wary of buying or even downloading apps for their devices.

Last week, CNET called Android a "toxic hell stew of vulnerabilities" following revelations about how devastating the Heartbleed bug was for Google's mobile operating system. While CNET's headline is obviously hyperbolic, it effectively outlines how the fragmentation of Android prevents or delays critical security patches from reaching Android users. In addition to the Heartbleed bug, in the past couple weeks the number one paid app in the Google Play Store proved to be a complete sham, and now security researchers are reporting that incredibly dangerous malware made it onto the Play Store.

Regardless of their business model, the success of the app developers requires consumer trust. Users must trust that the developer is who she says she is, that the app does not include malware, and that the app, device, and developers are protecting their security and privacy. And customers are far more attuned to this that you might think. Last year a Pew study showed that 54 percent of customers had deleted or chosen not to download an application because of privacy and security concerns. The need for trust in devices and apps is even more critical as our industry moves into the incredible opportunities available in the enterprise, health, and educational markets.

Closing the Trust Gap

Originally viewed as a strength by app developers, the ease of getting apps into the Google Play Store is fast becoming a weakness, even for smaller players. If Android users become even more concerned the potential harm of downloading apps, it is the startups and small developers who will be harmed the most. While consumers will likely continue to trust apps from major brands like Nike, Walmart, and Facebook, they will likely avoid apps from companies they don't know yet.

Google recently took the long-needed step of expanding the use of its Verify Apps service to scan all apps downloaded to Android devices, including those that come from the Google Play store. Previously, the service only scanned apps that were downloaded from alternate app stores. But, the move only confirms the problem that we were already seeing... far too many nefarious apps are making it into the Google Play store.

For developers to succeed in the long term, Google must take action to clean up the Google Play store. Changes may slow down the app approval process, but most developers would welcome it if it also created an environment where consumers were more comfortable paying for apps.

Additionally, Google needs to find a way iron out the kinks in its distribution of updates and patches for Android. Until they do, far too many Android devices will remain susceptible to viruses and malware and enterprises, hospitals, and schools will become increasingly wary of adopting Android without a workable solution.