Google reveals Android malware 'Bouncer,' scans all apps
Claims 40% reduction in malicious app downloads in second half of 2011
Computerworld - Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called the company to make.
The scanning service, appropriately codenamed "Bouncer," has been in action "a number of months," said Hiroshi Lockheimer, the vice president of engineering for Android, in an interview Thursday. "The interesting thing is that no one really noticed. It didn't disrupt the end user's experience [in the Android Market] or disrupt the developers. They didn't have to think about it at all."
Once an app is uploaded to Google by its developer but before it's published to the Android Market, Bouncer scans the code for known malware, including spyware and Trojan horses, and looks for behaviors that match apps which the company has previously decided are unacceptable.
Some apps that sound Bouncer's alarm are immediately denied entrance to the Android Market, said Lockheimer. Others are flagged for human review.
Bouncer also features a simulator that runs each app as if it was on an actual Android phone, said Lockheimer. "We can observe the application for hidden behavior, and then flag it for review if it's questionable," he said.
Google also has the ability to recheck already-published apps as it adds more detection and analytical skills to Bouncer. "As our knowledge of bad apps increases and we become aware [of new malware], we feed that into the system and rescan everything in the catalog," Lockheimer said.
Critics in the security industry have called on Google to proactively scan Android apps for potential malware, rather than wait until unacceptable or infected apps are reported by users or researchers.
"This is absolutely a good move," said Chet Wisniewski, a security researcher at U.K.-based vendor Sophos. "Bouncer clearly makes sense. [But] most Android users would be surprised that they weren't already doing this."
Lockheimer denied that Bouncer was a reaction to any single security incident, including the appearance of the first Android Trojan horse: In March 2011, Google yanked more than 50 DroidDream-infected apps from the Android Market, and within days used its "kill switch" for only the second time to remotely erase the programs from users' smartphones.
Instead, Lockheimer said, Bouncer was an evolution of Google's security philosophy.
"Bouncer wasn't in response to any one thing," Lockheimer said. "Security is important to Android, that's always been a theme of ours."
But Android malware played a prominent role in security news last year. Following the first DroidDream campaign, attackers launched planted more infected apps on the Market last June and July. Malicious apps have also regularly popped up on third-party download sites, which Google doesn't regulate, especially in China.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts