In case you don’t know what a WHOIS database is, it’s a central database where records are kept about domain names. You type in a domain name and the WHOIS database will tell you who owns it, when it was registered, who the technical contacts are etc. It’s not entirely accurate and it’s not as up to date as it could be. But it’s the web’s best source for this type of information.
I believe the entire mobile ecosystem, from app developer to consumer, would benefit if there was a similar database for apps. But I would make it even more trustworthy by making sure all information was validated in some way. This central source of trusted information would allow you to find out who owns a particular app, when it was built, the owner’s address etc.
Now imagine if this same information was available in metadata, accessible through an API lookup service. The API could allow you to verify who really owns the app. This would make it more difficult for malicious apps to catch so many people off guard. It would also add a layer of much needed security for organizations who permit their staff to bring their own devices to work.
App ID verification on the Android platform will come – but it will most likely come from a security company rather than Google. And the entire process would be more robust with buy-in from each of the Play Stores.