Google takes the covers off Bouncer, an automated scanning service that checks new and existing apps on Android Market for malware.
Malicious
hackers trying to circulate malware-tainted applications on Android Market are
going to find Google's Bouncer at the door, preventing undesirable apps from
getting in and kicking out troublemakers.
Bouncer has
been monitoring the Android Market for several months already, and Google
claims it has seen a 40 percent drop in malicious apps between the first half
and second half of 2011, Hiroshi Lockheimer, vice president of engineering for
Google's Android group, wrote on the Google Mobile blog Feb. 2. The service
automatically scans Android Market for potentially malicious software without
requiring developers to go through an application approval process.
Google has
been criticized by many security experts for not subjecting apps submitted to
the Android Market to the kind of rigorous screening process that Apple does
for iOS apps prior to listing them on the App Store. Google has positioned the
Android Market as an open platform and has traditionally taken a hands-off
approach.
"It's
not possible to prevent bad people from building malware," Lockheimer
wrote. Instead, Google is focusing on whether those bad apps are being
installed and "we know the rate is declining significantly."
Bouncer
scans both new and existing apps for known malware, spyware and Trojans that
could steal user data or access unauthorized features. It also analyzes new
developer accounts to keep out developers who have been already kicked out of
the marketplace or have a history of trying to distribute questionable apps.
Bouncer runs
all the apps virtually on Google's cloud infrastructure to examine how they
would run on a physical device. The simulation allows Google to examine hidden
behavior that can be malicious that wasn't evident during the initial scan. If new
attack methods or techniques are found, Bouncer rescans all the apps to see if
they are present in other apps. Bouncer is getting better at detecting and
eliminating malware every day, Lockheimer said.
Android
Market was shaken by the discovery of malicious apps multiple times last year,
and Google famously lashed out at the security companies for fear-mongering and
exaggerating the threat.
"The
drop occurred at the same time that companies who market and sell anti-malware
and security software have been reporting that malicious applications are on
the rise," Lockheimer wrote.
Lookout
Mobile Security, a mobile security company that sells protection software for
Android devices, estimated in a recent report that more than $1 million had
been stolen from Android users in 2011 as a result of malicious software
downloads. The figure could rise, the company said. Juniper Networks found in
its own reports that the number of malicious Android apps had quintupled in
four months.
Google
yanked apps from Android Market and took the unprecedented step of remotely
removing them from user devices last year after the DroidDream malware first
surfaced. More infected apps with DroidDream variants were removed over the
summer.
However,
whether an app is malicious or not is not really clear-cut. Just last week,
Symantec identified 13 apps as being malicious because they could push data
from a remote server onto user devices and perform other "suspicious"
activities. Lookout criticized the announcement, saying Android CounterClank
was just an aggressive form of advertising network and, while annoying, was not
yet dangerous.
"No
security approach is foolproof, and added scrutiny can often lead to important
improvements," Lockheimer said.
Email
Print
