
Malware scanning comes to Google's Android Market



Google engineers have unveiled a cloud-based service that scours the Android Market for malicious smartphone apps.

Bouncer, as the scanner is called, automatically checks each title in the Google app bazaar to make sure it doesn't match signatures of known malware, Hiroshi Lockheimer, vice president of Android Engineering, told Ars. It also looks for clues that apps contain surreptitiously abusive behavior by running them through a system that simulates an Android device. The scan happens when developers first upload an app to the Market and then periodically after that.

For years, critics have said Google doesn't do enough to police its own servers for apps that steal user data, rack up expensive charges, and carry out other undisclosed abuse. Google's guidelines for Android developers promise they have "complete control over when and how they make their applications available to users." While many developers and users welcome the freedom, it has also allowed malware purveyors to install their titles on tens of thousands of Android phones.

In December, for instance, researchers unearthed at least 22 malicious Android apps, some that were downloaded more than 10,000 times. The titles advertised themselves as popular games such as Angry Birds and Cut the Rope, but once installed they sent text messages that accrued hefty charges for users who fell for the ploy.

"We really designed this in a way to maintain the flow the users and developers are familiar with," Lockheimer said. "Android has been a comfortable place for users to download and purchase apps from."

Bouncer has been up and running for about six months, he said. Google saw a 40 percent decrease in the number of potentially malicious downloads in the second half of 2011 compared to the first half. Google blogged about the scanner here.


Google "Bouncer" aims to protect Android Market from malware

Google has revealed details of a security system on its Android Market, with which it aims to tackle the scourge of malware, disguised as legitimate software, that has infected countless devices.

It’s no secret that Google’s approach to managing its Android Market has left it vulnerable to malware. We’ve reported time and again (and again, and again) on nefarious apps being discovered on Google’s app store; in November, a report from Juniper Networks, a global networking infrastructure provider, reiterated that Android leads the field as the mobile platform most affected by malware, claiming that the blame for this rests primarily with Google and its questionable app curation policies.

However, in a Google Mobile Blog post today, Android’s VP of Engineering, Hiroshi Lockheimer, revealed that the company has actually been working behind the scenes for some time on protecting the Market from malicious programs, with what it refers to as a "new layer to Android security" in the form of an automated monitoring service, codenamed 'Bouncer'.


The system scans submitted software, analysing it in order to detect malware, spyware, trojans and other security threats, comparing it with previously red-flagged apps. Bouncer can also analyse app behaviour, again comparing it with the functions and activities of previously identified malware. Existing apps on the Market, and developer accounts, are also tracked and analysed by the system, and each app – old and new – is subjected to a full automated simulation using Google’s cloud-based infrastructure, so that each of the app's functions can be tested and assessed.

Google hasn’t revealed exactly when Bouncer was introduced, but it claims that there was a 40% reduction in malware on the Market between the first and second halves of 2011. Lockheimer acknowledges that this apparently conflicts with third-party reports claiming that malware on Android is on the rise, although he also notes that the people behind such reports tend to be those that are trying to sell anti-malware and security software, implying that they have a vested interest in painting a more negative picture of Android’s security landscape.

Lockheimer underlines Google's certainty that the number of infections sourced from the Android Market has in fact fallen dramatically. This would appear to suggest that the claimed increase in Android malware infections could well be occurring through sideloaded software or via third-party app stores, which are outside of Google’s control.
