Google Reveals Android Malware 'Bouncer,' Scans All Apps

Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called the company to make.

By Gregg Keizer
Fri, February 03, 2012

Computerworld — Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called the company to make.

The scanning service, appropriately codenamed "Bouncer," has been in action "a number of months," said Hiroshi Lockheimer, the vice president of engineering for Android, in an interview Thursday. "The interesting thing is that no one really noticed. It didn't disrupt the end user's experience [in the Android Market] or disrupt the developers. They didn't have to think about it at all."

Once an app is uploaded to Google by its developer but before it's published to the Android Market, Bouncer scans the code for known malware, including spyware and Trojan horses, and looks for behaviors that match apps which the company has previously decided are unacceptable.

Some apps that sound Bouncer's alarm are immediately denied entrance to the Android Market, said Lockheimer. Others are flagged for human review.

Bouncer also features a simulator that runs each app as if it was on an actual Android phone, said Lockheimer. "We can observe the application for hidden behavior, and then flag it for review if it's questionable," he said.

Google also has the ability to recheck already-published apps as it adds more detection and analytical skills to Bouncer. "As our knowledge of bad apps increases and we become aware [of new malware], we feed that into the system and rescan everything in the catalog," Lockheimer said.

Critics in the security industry have called on Google to proactively scan Android apps for potential malware, rather than wait until unacceptable or infected apps are reported by users or researchers.

"This is absolutely a good move," said Chet Wisniewski, a security researcher at U.K.-based vendor Sophos. "Bouncer clearly makes sense. [But] most Android users would be surprised that they weren't already doing this."

Lockheimer denied that Bouncer was a reaction to any single security incident, including the appearance of the first Android Trojan horse: In March 2011, Google yanked more than 50 DroidDream-infected apps from the Android Market, and within days used its "kill switch" for only the second time to remotely erase the programs from users' smartphones.

Instead, Lockheimer said, Bouncer was an evolution of Google's security philosophy.

"Bouncer wasn't in response to any one thing," Lockheimer said. "Security is important to Android, that's always been a theme of ours."

But Android malware played a prominent role in security news last year. Following the first DroidDream campaign, attackers launched planted more infected apps on the Market last June and July. Malicious apps have also regularly popped up on third-party download sites, which Google doesn't regulate, especially in China.

1 2 3 next page »

Originally published on www.computerworld.com. Click here to read the original story.

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

You are here: Technology Topics » Security » News

Most Recent Security Stories

White Papers »

The most simple & secure solution for Intranet access from mobile devices

The promise of enterprise mobility means that employees are more productive and address business issues in a timely, untethered manner.

Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios

Read this new eBook to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.

Establishing a Strategy for Database Security is No Longer Optional

The options for securing increasingly valuable databases are very broad and deep, and can be confusing. This research provides an overview of three categories of controls that should be implemented to ensure that enterprise data is protected in the most efficient and effective manner.

Database Activity Monitoring Is Evolving

Read the analyst report and learn how you can leverage the core capabilities of a DAP solution for better database security.

PCI DSS Compliance with Stingray Application Firewall Module

PCI DSS is mandatory for any business that handles confidential cardholder data. Riverbed® Stingray™ Traffic Manager and Stingray Application Firewall Module help with many parts of the PCI DSS specification, notably the web application firewall (WAF) requirements of section 6.6.

PCI DSS Compliance with Stingray Application Firewall Module

Webcasts »

Distributed Database Security with Real-time Monitoring

View this demo and learn how IBM InfoSphere Guardium database activity monitoring can help protect your sensitive data in distributed DBMS environments with a holistic approach to data security and compliance.

Data Privacy and Protection in Production Environments: New Research from Ponemon Institute

Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT

In a recent study conducted by Ponemon Institute, fifty-five percent of respondents indicated they were not confident that their organization would be able to detect the loss or theft of sensitive personal information in their company's databases and applications.

Join featured guest Dr. Larry Ponemon from the Ponemon Institute, to discuss these new findings and how to best address the growing number of data breaches and privacy challenges that are facing your organization. This webinar will focus on:

- Understanding the current state of privacy and data protection in the production environment
- Identifying areas of greatest vulnerability
- Keeping data secure without sacrificing productivity
- Enterprise and configurable solutions for multiple applications

Spear Phishing and the Modern Cyber Attack

Learn how IT teams can protect against spear phishing tactics. Harry Sverdlove, chief technology officer of Bit9 offers a frank discussion about spear phishing - the most common technique used in today's advanced attacks. Learn how spear phishing works and three recommendations for IT to protect against modern threats.

Optimizing the world of IT for end-users: Balancing freedom and choice with security and compliance to meet business

Download this eSeminar to hear from experts Ziff Davis Enterprise, VMware and HP and learn how client-side virtualization can improve your organization's performance, while reducing the IT burden of managing and maintaining an increasingly diverse client universe.

Close a Dangerous Vulnerability: Automated Methods for Managing Admin Rights

In this exclusive webcast from Viewfinity, you'll hear how to leverage Group Policy Object settings to close this vulnerability by elevating privileges for standard users.

Getting to Business Value through IT

More companies are adopting business service management practices to better align their business and IT needs. Download this video to hear findings from the 2011 BSM Maturity Benchmark Survey to learn how companies are taking a customer-centric approach to IT management.

Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter