Even though most malicious Android apps are served from third-party app markets, cyber crooks occasionally manage to disseminate some via Google’s official Android Market.
Security experts have been wondering for a long time why Google hasn’t copied Apple’s rather successful app vetting process but, as it turns out, the company has already made a move in the right direction by adding an automated app scanning service to the market.
Codenamed “Bouncer”, it scans both newly added and old apps in search for potentially malicious software, and analyzes developer accounts in order to prevent repeat-offending developers from returning with new malicious offerings.
“Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans”, explains Hiroshi Lockheimer, VP of Engineering of the Android team. “It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags.”
The applications’ behavior is analyzed by running it on Google’s cloud infrastructure and simulating how it will run on an Android device. Once the service flags an app, it will be reviewed manually by Google employees.
Alas, Lockheimer doesn’t tell if apps that cannot be considered strictly as malware but don’t have the users’ best interest at heart will be flagged by the service and banned from the market.
“The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market,” says Lockheimer, contradicting the findings of many security companies.
According to all this, Google is still not checking out the apps before they are made available for download by developers, but if the service works as planned, malicious apps should be taken down before doing much damage.
Granted, it is not the best solution, but it is a obvious improvement. Still, Android users should remember that carefully reviewing what permissions an app asks before being installed and researching it and its developer before doing so will considerably lessen the probability of installing a malicious app.