Google, which has always maintained that the Android Market, although not immune to malware, was not heavily affected by it, revealed Thursday it has been using a technology called Bouncer to monitor apps for malware. Although only saying that Bouncer has been in use "for a while now," Google said it saw a 40 percent reduction in the number of potentially malicious apps downloaded from the market between the first and second halves of 2011. Bouncer removes apps that it identifies as containing malware, spyware, or trojans.
Google is quick to point out that the significant reduction in potentially dangerous applications occurred in the same time frame that anti-virus vendors made a lot of noise, well covered in the media, about the huge growth in malware-infected applications coming straight from the Android Market to users' devices. It's no secret that Google does not think well of anti-virus vendors, which it has called "charlatans" for selling anti-virus software. Google has said anti-virus software is a worse blight than the malware itself.
Bouncer looks at applications in the Market and in developer accounts, searching for known code or behaviors that seem suspicious, and comparing new apps against previously uploaded versions. Additionally, apps are run on what is likely--Google doesn't say--an Android simulator in the Google Cloud to look for behaviors that are not obvious from the code analysis.
Red-flag behaviors result in the app being pulled from the Market, and can also result in the developer's account being closed for repeated malicious behavior. Google also has the capability to remove an app from a user's device via its Remote Application Removal feature. This feature has been rarely used to this point, with Google only commenting on its use in removing a test app that a security researcher uploaded to the market.
Google is quick to point out that the significant reduction in potentially dangerous applications occurred in the same time frame that anti-virus vendors made a lot of noise, well covered in the media, about the huge growth in malware-infected applications coming straight from the Android Market to users' devices. It's no secret that Google does not think well of anti-virus vendors, which it has called "charlatans" for selling anti-virus software. Google has said anti-virus software is a worse blight than the malware itself.
Bouncer looks at applications in the Market and in developer accounts, searching for known code or behaviors that seem suspicious, and comparing new apps against previously uploaded versions. Additionally, apps are run on what is likely--Google doesn't say--an Android simulator in the Google Cloud to look for behaviors that are not obvious from the code analysis.
Red-flag behaviors result in the app being pulled from the Market, and can also result in the developer's account being closed for repeated malicious behavior. Google also has the capability to remove an app from a user's device via its Remote Application Removal feature. This feature has been rarely used to this point, with Google only commenting on its use in removing a test app that a security researcher uploaded to the market.
Google cautions users to look at the permissions that an app requests, and if the requests seem suspicious, to stop the installation. Of course, this means users have to understand the permissions being granted, and for most non-technical users, this is an onerous requirement. So far, nothing has been released via the Market that can't be removed by simply uninstalling the offending app. Should that change, then Google's offhand approach to protecting users might see a change.
Source: InformationWeek USA
