After a couple of years of seeing headlines announcing a steady stream of pieces of malware and trojaned apps appearing the Android Market, Google finally has taken steps to find and remove malicious apps from the market automatically. The company has unveiled a service called Bouncer that scans apps and looks for known malware as well as potentially malicious behavior.
Google revealed the existence of Bouncer yesterday, but said that the service has been in operation for some time now. Company officials didn’t specify exactly when Bouncer was deployed, but said that there was a 40 percent drop in downloads of potentially malicious apps from the market between the first six months of last year and the second half of the year. The Android Market, which is the official app store for Android users, has been plagued by a number of incidents in which attackers have inserted trojaned versions of legitimate apps or malware-infected apps into the store.
“The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back,” Hiroshi Lockheimer, vice president of Android engineering at Google, wrote in a blog post.
Security researchers have criticized Google for not employing any sort of app-review process for Android Market submissions, saying that the lack of oversight is putting users in danger from attackers. Google officials have been largely silent on that topic until now.
“No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe,” Lockheimer wrote.