Google Bouncer To Scan For Malware In Android Apps
Google today revealed a service codenamed 'Bouncer,' which provides automated scanning of Android Market for potentially malicious software.
Google said that the new service does not disrupte the user experience of Android Market or require developers to go through an application approval process.
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here's how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. Google actually runs every application on Google's cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. The company also analyzes new developer accounts to help prevent malicious and repeat-offending developers from coming back.
The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, Google saw a 40% decrease in the number of potentially-malicious downloads from Android Market.
In addition to using new services to help prevent malware, Google designed Android from the beginning to make mobile malware less disruptive.
The Android platform uses a technique called "sandboxing" to put virtual walls between applications and other software on the device. So, if you download a malicious application, it can't access data on other parts of your phone and its potential harm is drastically limited.
Android also provides a permission system to help you understand the capabilities of the apps you install, and manage your own preferences. That way, if you see a game unnecessarily requests permission to send SMS, for example, you don't need to install it.
Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required.
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here's how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. Google actually runs every application on Google's cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. The company also analyzes new developer accounts to help prevent malicious and repeat-offending developers from coming back.
The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, Google saw a 40% decrease in the number of potentially-malicious downloads from Android Market.
In addition to using new services to help prevent malware, Google designed Android from the beginning to make mobile malware less disruptive.
The Android platform uses a technique called "sandboxing" to put virtual walls between applications and other software on the device. So, if you download a malicious application, it can't access data on other parts of your phone and its potential harm is drastically limited.
Android also provides a permission system to help you understand the capabilities of the apps you install, and manage your own preferences. That way, if you see a game unnecessarily requests permission to send SMS, for example, you don't need to install it.
Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required.
