You are here: Home / Digital Life / A New Bouncer at Android's Door
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Google's Bouncer Searches for Misbehaving Android Apps
Google's Bouncer Searches for Misbehaving Android Apps
By Adam Dickter / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus

Looking to bolster confidence in the security of its fast-growing market for mobile applications, Google is posting a bouncer at the door.

The service analyzes new applications in the Android Market as well as those already posted, and even developer accounts, looking for known malware, spyware and trojans.

Google's Bouncer also looks for "behaviors that indicate an application might be misbehaving," according to a post on Google's mobile blog Thursday announcing the service.

The service develops a baseline of previously analyzed apps and compares it with new ones for signs of trouble.

"We actually run every application on Google's cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior," writes Hiroshi Lockheimer, vice president of engineering for Google's Android division.

And Stay Out!

Bouncer will also scrutinize new developer accounts to make sure those who are tossed as repeat offenders do not come back.

Bouncer works in addition to existing Android tools such as sandboxing, which builds virtual walls between applications and other software on the device so malware can't access data; permissions, which scrutinizes the capabilities of apps to help users make decisions; and malware removal tools that can remotely scrub intruders from a phone or tablet.

Still, the Android Market's growth -- it topped 11 billion downloads -- has made it a top source of malware. Juniper Networks in November announced that its Global Threat Center believes the easy process for posting apps led to a 472 percent increase in malware samples since the previous July.

"These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications," wrote Juniper on its threat center blog. Lack of sufficient screening means poorly defined, unscreened apps will only be removed if malware is reported or detected by Google, the company said.

Getting Better All The Time

But Lockheimer in his blog said malware threats are now declining.

"The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40 percent decrease in the number of potentially malicious downloads from Android Market," he said, noting that it's not because malware makers have given up.

"This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise."

Building confidence in security is crucial for Google to move beyond the consumer base into the business sector, where it has been less popular, said Ramon Llamas, an IDC research analyst.

"As an open-source platform, it hasn't gained a lot of traction for enterprise, because they say we recognize the popularity, we recognize the power, but we don't want to expose ourselves to security risks," Llamas said. "Bouncer operates as that gatekeeper to make sure everything is legitimate. It's not a silver bullet, but it's another piece of the puzzle to make sure Android is going to be secure for everybody."

Read more on: Android, Security, Malware
Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
Product Information and Resources for Technology You Can Use To Boost Your Business

An easily avoided security lapse -- failure to use two-factor authentication on a single server -- is being blamed for the massive computer breach that hit JPMorgan Chase this past summer.

Flying under the radar just before Christmas, HP has launched a new version of its Chromebook 14, most notable for its touch screen and full high-definition display, plus more powerful specs.
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.