Meet Android Market's Malware Bouncer

By Clint Boulton  |  Posted 2012-02-03 Print this article Print

One of the leading knocks on Google's freewheeling, open approach to the Android Market is that it's leaves the application store more susceptible to malware and lots of spammy apps.

Indeed, Symantec, Lookout Mobile and other security firms have reported a significant rise in Android Market malware in the last 12 months.

And with over 200 million Android devices in the market, with 700,000 being activated daily, and over 300,000 Android apps in the Market, there are a lot of mobile targets for perpetrators to exploit.

Google's automated app approval process is a popular vector for attack. To help combat the malware rise, Google created Bouncer, an anti-malware service that automatically scans the Android Market for potentially malicious software.

Bouncer, which Google has been using in its Market for all of 2011, scans new and old applications and developer accounts. Hiroshi Lockheimer, vice president of engineering for Android, explained how it works:

Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google's cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.

The result? Android malware downloads decreased 40 percent through 2011, which is when Symantec, Lookout and others reported malicious apps were on the rise.

I wonder if Symantec, Lookout and others knew about this feature? It's unclear, but Lockheimer did tell AllThingsDigital that Google has no plans to embrace the manual app approval process Apple and Microsoft employ to vet apps in their stores.

This makes sense. Manual approvals bog down the works, which is anathema to Google, whose culture is built on speedy development and expedient delivery to market.

I can't imagine Android head Andy Rubin or CEO Larry Page would ditch the automated, machine-based practices, even for malware. Which is why it needed the Bouncer. We'll see if it helps combat the spate of Netflix malware and other issues. |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel