Google ‘bouncer’ gets tough with Android malware apps

Developers making rogue apps for Google‘s Android platform, look out – the Bouncer is here.

Bouncer, Google’s new security service for its Android platform, scans the Android Market and even developers’ accounts for potentially harmful apps and kicks them out, just like its real-life namesake.

“Today we’re revealing a service we’ve developed, codenamed Bouncer, which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process,” Android VP of engineering Hiroshi Lockheimer said in a blog post.

Lockheimer said the service performs analyses on new applications, applications already in Android Market, and developer accounts.

Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans.

It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags.

“We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back,” Lockheimer said.

Lockheimer said 2011 had been a phenomenal one for the Android ecosystem, with device activations growing 250 percent year-on-year, and the total number of app downloads from Android Market topped 11 billion.

On the other hand, Lockheimer said Android malware downloads are decreasing.

Citing figures from the first and second halves of 2011, Lockheimer claimed a 40-percent decrease in the number of potentially-malicious downloads from Android Market.

“This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise. While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market – and we know the rate is declining significantly,” Lockheimer said.

Malware made less potent

Lockheimer also said Android was designed from the beginning to make mobile malware less disruptive.

Some of Android’s core security features are: Sandboxing: a technique to put virtual walls between applications and other software on the device. So, if you download a malicious application, it can’t access data on other parts of your phone and its potential harm is drastically limited. Permissions: a permission system helps one understand the capabilities of the apps you install, and manage your own preferences. That way, if you see a game unnecessarily requests permission to send SMS, for example, you don’t need to install it. Malware removal: Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required.

“No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe,” Lockheimer said. — TJD, GMA News

Article source:

View full post on National Cyber Security » Virus/Malware/Worms