Google’s Bouncer To Watch Over Android Market
Despite Symantec backing off its report that up to 5 million Android Market downloads may have been tainted by malware, Google announced that it’s new security solution — codenamed Bouncer — will be scanning existing and future apps in the Market.
Google has undergone criticism for the low security in Android Market (compared to Apple’s iTunes), as well as for just choosing to pull malicious apps retroactively. Hiroshi Lockheimer, Android VP of Engineering, blogged about the company’s awareness of the issue.
The service has been looking for malicious apps in Market for a while now. Between the first and second halves of 2011, we saw a 40 percent decrease in the number of potentially-malicious downloads from Android Market. This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise.
Lockheimer also explained how Bouncer will study new (and existing) apps for suspicious activity.
Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.
Catalin Cosoi, BitDefender Head of Online Threats Lab welcomed Google’s move, but postulated that hackers and malware developers will likely find a way around Bouncer.
Securing the Android Market is definitely a good idea, but it doesn’t eliminate the need for a security solution installed directly on the device… based on our experience with malware analysis, malware writers will seek a way around security… in time, malware writers (will add) different routines to detect if the virus runs in a real computer or in a virtual environment, and they (will modify) their software to act legit when running in a control environment. We might see the same phenomenon here, as Bouncer is a service that will emulate all apps uploaded on the Android Market. Not to mention that the Android API offers the possibility to detect if the app runs in an emulator or directly on the devices. So there is a high chance that we’ll see apps behaving correctly when used on a simulator and turning malicious when used on the mobile device.
Security software companies may just be fanning the flames to drum up sales — but then again, they’ve been providing this service for consumers over the years. At the end of the day, the user (yes, that’s you) still has to be vigilant when downloading and installing apps on their devices — always check what kinds of permissions the apps want you to approve.