Android securityAfter a couple of years of seeing headlines announcing a steady stream of pieces of malware and trojaned apps appearing the Android Market, Google finally has taken steps to find and remove malicious apps from the market automatically. The company has unveiled a service called Bouncer that scans apps and looks for known malware as well as potentially malicious behavior.

Google revealed the existence of Bouncer yesterday, but said that the service has been in operation for some time now. Company officials didn’t specify exactly when Bouncer was deployed, but said that there was a 40 percent drop in downloads of potentially malicious apps from the market between the first six months of last year and the second half of the year. The Android Market, which is the official app store for Android users, has been plagued by a number of incidents in which attackers have inserted trojaned versions of legitimate apps or malware-infected apps into the store.

“The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back,” Hiroshi Lockheimer, vice president of Android engineering at Google, wrote in a blog post.

Security researchers have criticized Google for not employing any sort of app-review process for Android Market submissions, saying that the lack of oversight is putting users in danger from attackers. Google officials have been largely silent on that topic until now.

“No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe,” Lockheimer wrote.

Categories: Malware, Mobile Security

Comments (5)

  1. Anonymous

    Google should have a way to contact them on there site! last name my maiden name which i use on some items & there is ONLY 1 schrementi family in USA……’someone’ put over 40 pages ‘about me’ on google, believe bing 2… dad’s obituary. under red lion, my dad did own the red lion, however we never put his obituary in chgo Tribune…shows me as lawyer, realtor in all these states…my sister nancy block as nancy hoffman…my married name is hoffman….YET i can’t have google take these lies off…

    I feel that the person who is written about should have the right & ability to contact these sites ^& say “PLease REMOVE, this is not me!!!  they put up ficticious pictures…its sick in my opinion.  My computers in the past have been blown out & currently working w/ Kasparsky who feel is the best ther is .  Thank you for the opportunity to express my opinion.

  2. Mya

    Google have taken a good step for Adroid Apps security because the App developer’s are random there will be some few hackers in that developers list and spread their mallicious code into smartphones and get their credentials.

Comments are closed.