Google reveals Android malware 'Bouncer,' scans all apps
Claims 40% reduction in malicious app downloads in second half of 2011
Computerworld - Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called the company to make.
The scanning service, appropriately codenamed "Bouncer," has been in action "a number of months," said Hiroshi Lockheimer, the vice president of engineering for Android, in an interview Thursday. "The interesting thing is that no one really noticed. It didn't disrupt the end user's experience [in the Android Market] or disrupt the developers. They didn't have to think about it at all."
Once an app is uploaded to Google by its developer but before it's published to the Android Market, Bouncer scans the code for known malware, including spyware and Trojan horses, and looks for behaviors that match apps which the company has previously decided are unacceptable.
Some apps that sound Bouncer's alarm are immediately denied entrance to the Android Market, said Lockheimer. Others are flagged for human review.
Bouncer also features a simulator that runs each app as if it was on an actual Android phone, said Lockheimer. "We can observe the application for hidden behavior, and then flag it for review if it's questionable," he said.
Google also has the ability to recheck already-published apps as it adds more detection and analytical skills to Bouncer. "As our knowledge of bad apps increases and we become aware [of new malware], we feed that into the system and rescan everything in the catalog," Lockheimer said.
Critics in the security industry have called on Google to proactively scan Android apps for potential malware, rather than wait until unacceptable or infected apps are reported by users or researchers.
"This is absolutely a good move," said Chet Wisniewski, a security researcher at U.K.-based vendor Sophos. "Bouncer clearly makes sense. [But] most Android users would be surprised that they weren't already doing this."
Lockheimer denied that Bouncer was a reaction to any single security incident, including the appearance of the first Android Trojan horse: In March 2011, Google yanked more than 50 DroidDream-infected apps from the Android Market, and within days used its "kill switch" for only the second time to remotely erase the programs from users' smartphones.
Instead, Lockheimer said, Bouncer was an evolution of Google's security philosophy.
"Bouncer wasn't in response to any one thing," Lockheimer said. "Security is important to Android, that's always been a theme of ours."
But Android malware played a prominent role in security news last year. Following the first DroidDream campaign, attackers launched planted more infected apps on the Market last June and July. Malicious apps have also regularly popped up on third-party download sites, which Google doesn't regulate, especially in China.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts