Google Bouncer Finds, Blocks Malicious Apps From Android Market

Malicious hackers trying to circulate malware-tainted applications on Android Market are going to find Google’s Bouncer at the door, preventing undesirable apps from getting in and kicking out troublemakers.

Bouncer has been monitoring the Android Market for several months already, and Google claims it has seen a 40 percent drop in malicious apps between the first half and second half of 2011, Hiroshi Lockheimer, vice president of engineering for Google’s Android group, wrote on the Google Mobile blog Feb. 2. The service automatically scans Android Market for potentially malicious software without requiring developers to go through an application approval process.

Google has been criticized by many security experts for not subjecting apps submitted to the Android Market to the kind of rigorous screening process that Apple does for iOS apps prior to listing them on the App Store. Google has positioned the Android Market as an open platform and has traditionally taken a hands-off approach.

“It’s not possible to prevent bad people from building malware,” Lockheimer wrote. Instead, Google is focusing on whether those bad apps are being installed and “we know the rate is declining significantly.”

Bouncer scans both new and existing apps for known malware, spyware and Trojans that could steal user data or access unauthorized features. It also analyzes new developer accounts to keep out developers who have been already kicked out of the marketplace or have a history of trying to distribute questionable apps.

Bouncer runs all the apps virtually on Google’s cloud infrastructure to examine how they would run on a physical device. The simulation allows Google to examine hidden behavior that can be malicious that wasn’t evident during the initial scan. If new attack methods or techniques are found, Bouncer rescans all the apps to see if they are present in other apps. Bouncer is getting better at detecting and eliminating malware every day, Lockheimer said.

Android Market was shaken by the discovery of malicious apps multiple times last year, and Google famously lashed out at the security companies for fear-mongering and exaggerating the threat.

“The drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise,” Lockheimer wrote.

Lookout Mobile Security, a mobile security company that sells protection software for Android devices, estimated in a recent report that more than $1 million had been stolen from Android users in 2011 as a result of malicious software downloads. The figure could rise, the company said. Juniper Networks found in its own reports that the number of malicious Android apps had quintupled in four months.

Google yanked apps from Android Market and took the unprecedented step of remotely removing them from user devices last year after the DroidDream malware first surfaced. More infected apps with DroidDream variants were removed over the summer.

However, whether an app is malicious or not is not really clear-cut. Just last week, Symantec identified 13 apps as being malicious because they could push data from a remote server onto user devices and perform other “suspicious” activities. Lookout criticized the announcement, saying Android CounterClank was just an aggressive form of advertising network and, while annoying, was not yet dangerous.

“No security approach is foolproof, and added scrutiny can often lead to important improvements,” Lockheimer said.