Google reveals Android malware 'Bouncer,' scans all apps
Claims 40% reduction in malicious app downloads in second half of 2011
Computerworld - Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called on the company to make.
The scanning service, appropriately codenamed "Bouncer," has been in action "a number of months," said Hiroshi Lockheimer, the vice president of engineering for Android, in an interview Thursday. "The interesting thing is that no one really noticed. It didn't disrupt the end user's experience [in the Android Market] or disrupt the developers. They didn't have to think about it at all."
Once an app is uploaded to Google by its developer but before it's published to the Android Market, Bouncer scans the code for known malware, including spyware and Trojan horses, and looks for behaviors that match apps which the company has previously decided are unacceptable.
Some apps that sound Bouncer's alarm are immediately denied entrance to the Android Market, said Lockheimer. Others are flagged for human review.
Bouncer also features a simulator that runs each app as if it were on an actual Android phone, said Lockheimer. "We can observe the application for hidden behavior, and then flag it for review if it's questionable," he said.
Google also has the ability to recheck already-published apps as it adds more detection and analytical skills to Bouncer. "As our knowledge of bad apps increases and we become aware [of new malware], we feed that into the system and rescan everything in the catalog," Lockheimer said.
Critics in the security industry have called on Google to proactively scan Android apps for potential malware, rather than wait until unacceptable or infected apps are reported by users or researchers.
"This is absolutely a good move," said Chet Wisniewski, a security researcher at U.K.-based vendor Sophos. "Bouncer clearly makes sense. [But] most Android users would be surprised that they weren't already doing this."
Lockheimer denied that Bouncer was a reaction to any single security incident, including the appearance of the first Android Trojan horse: In March 2011, Google yanked more than 50 DroidDream-infected apps from the Android Market, and within days used its "kill switch" for only the second time to remotely erase the programs from users' smartphones.
Instead, Lockheimer said, Bouncer was an evolution of Google's security philosophy.
"Bouncer wasn't in response to any one thing," Lockheimer said. "Security is important to Android, that's always been a theme of ours."
But Android malware played a prominent role in security news last year. Following the first DroidDream campaign, attackers planted more infected apps on the Market last June and July. Malicious apps have also regularly popped up on third-party download sites, which Google doesn't regulate, especially in China.