Google has been taking some steps to address the problem of malware on the Android platform in recent months, introducing the Bouncer antimalware system and some better anti-exploit technologies in Jelly Bean, the most recent version of the operating system. Now, the company is implementing some additional security features designed to protect users from malicious apps and malware that tries to send premium-rate SMS messages.
Attackers have been targeting Android with SMS Trojans, malicious apps and other strains of malware for a couple of years now and Google has made changes along the way to parry the attackers’ moves. The most visible change was a server-side malware-scanning system called Bouncer that looks at each app that’s submitted to the Google Play app market to check for signs of malicious or hidden behaviors. That process is transparent to the user who eventually downloads an approved app, but it offers some protection for users who only install apps from the official app store.
But there are a number of unofficial, third-party Android markets out there that offer users the ability to install other apps. These apps obviously don’t go through the Bouncer malware scan, so users are taking some risk installing them. Some of the larger Android malware incidents have occurred in third-party app markets, specifically in China. Google is working to address that issue by adding a new mechanism in Android 4.2 Jelly Bean that will give users the protection of client-side malware scanning for apps from third-party markets.
The new feature will give each user the ability to opt in and have the operating system scan apps from markets other than Google Play and check them against a database of known malicious apps, according to a Computerworld report. If the app is found to be malicious, the user will then see a warning, but still will have the option to install the app.
Attackers have targeted Android users with a variety of different malware attacks, particularly favoring the tactic of uploading apps that appear to be benign games or productivity apps and lacing them with malware. Some of these malicious apps are designed to steal user data, but others focus on grabbing money through the use of functionality that will send SMS messages to premium rate numbers. These pieces of malware will send the messages in the background, without the user’s knowledge, and can rack up significant charges before they’re discovered.
Android 4.2 will include a function that can detect when a user’s phone is attempting to send a message to a premium rate number and will alert the user, according to the Computerworld report. A defense against this kind of attack is something that’s been missing for some time now.
“The premium SMS filter is a no-brainer and I’m surprised it took as long as it did. Mobile malware authors are using toll fraud as an easy way to monetize malicious app installs so they’ll be forced to step their game up. Well, whenever 4.2 hits a reasonable population of devices, that is,” said Jon Oberheide, co-founder of Duo Security and an Android security researcher.
This article was updated on Nov. 6 to add comments from Oberheide.