Google Hires Bouncer to Give Android Malware the Heave-Ho
Feb 3, 2012 10:49 AM PT
Google announced a new layer of security for its Android Market on Thursday, unveiling a program called "Bouncer" that will automatically scan apps and developer accounts for malware.
Bouncer works by analyzing each app as it's uploaded to the Market, scanning for threats, spyware and trojans. It also takes a look at developer accounts to make sure they don't have a malicious history. If they do, Bouncer will discourage them from returning. The program will do repeated scans on existing apps to keep tabs on the entire marketplace.
In addition to the initial scan, Bouncer simulates a run of the app within Google's cloud infrastructure to see whether threats would occur if the app were running on an actual Android device.
The added protection follows security concerns regarding the safety of Android applications. Unlike Apple, its main competitor in the app marketplace, Google previously did not require developers uploading apps to the Android Market to undergo a rigorous approval process.
The service has actually been in use for a while, according to Hiroshi Lockheimer, vice president of engineering for Android. There was a 40 percent decrease in the number of potentially malicious downloads from the Android Market between the first and second halves of 2011, according to Google.
Google didn't respond to our requests for information.
A Need for a Double-Check
Mobile malware has been a growing concern over the past year.
"Last year alone there were about 4,600 new vulnerabilities that were found in the market, and about 92 percent of those could be accessed remotely, and about 75 percent of those were through web applications," Scott Bradley, vice president of the Americas for iViZ Security, told TechNewsWorld. "So the risks are very high. PC users know they need malware checks and they buy the tools to do that, but mobile app vulnerabilities are out there, and people are taking tremendous risks with things such as e-banking but don't think of the need for malware [protection] on a phone."
Part of the problem may be that many users assume that if an app has made it into Google's or Apple's storefront, it's safe.
"Google's introduction of the Bouncer service is an encouraging step forward for mobile security. Many mistakenly assume that the app store gatekeepers are protecting them from malicious content, but history suggests that detailed security reviews of apps have been lacking prior to their inclusion in the app stores," Michael Sutton, vice president of security research at Zscaler ThreatLabZ, told TechNewsWorld.
Taking a Cue From Apple?
The ways in which Google and Apple regulate their respective app outlets reflect differing philosophies. iOS apps undergo a lengthy approval process before appearing in the App Store; Android developers hoping to sell in the Market face fewer hurdles.
In recent Senate hearings on location tracking, Alan Davidson, former director of public policy at Google, said the company doesn't want to be a "gatekeeper" for app developers and would rather give everyone a chance to get online.
"The App Store has always been a much tighter environment, and until now it's been very easy for anyone to create an Android app, with any kind of malware on it, and put it out into an insecure environment," said Bradley.
The policy might be helpful for smaller legitimate developers with fewer resources, but it ran the risk of allowing rogue devs to put lots of mobile users in jeopardy -- and frustrated, compromised customers aren't good for the bottom line.
"Apple's approval process, which can sometimes be a pain in the back side of app developers, is designed to keep out problems like this before they ever hit the store, something that gives app buyers the comfort of knowing their app purchase is not going to destroy their phone, and thus making them more likely to continue to purchase apps," Aaron Watkins, cofounder of Appency and analyst at GigaOM Pro, told TechNewsWorld.
"We have all seen with traditional antivirus software programs that there is a continual need for new updates and innovations in an attempt not to get ahead of, but simply keep up with, the pace of the hackers and spammers of the world," said Watkins.
Bouncer has been successful so far, according to Google. Going forward, its effectiveness may be easy to track.
"It remains to be seen how effective Bouncer will be, but we'll all know shortly," said Sutton.