Google Gets Serious About Android Security, Now Auto-Scans App Market For Malware

The times of Android Market anarchy could also be coming to an finish.

On Thursday, Google introduced a brand new performance within the utility marketplace for its cell working system that mechanically scans new apps for recognized malware. This system, which the corporate is asking  “Bouncer,” additionally continues to run periodic simulations on current apps to check them for malicious behaviors like information theft or paid texting scams.

“If it’s a repackaging of recognized malware, we’ll flag it,” says Android vice chairman of engineering Hiroshi Lockheimer. “We additionally run apps on the server aspect in a simulated gadget surroundings, to watch what it’s doing. If we see something fishy, it will get flagged for guide evaluate.”

*Click here for more related to buy keyword installs ios

Since Android launched, Google has had the power to remotely delete misleading apps from customers’ telephones, even with out the customers’ participation or permission. It is also applied some safety features on the cellphone itself, like sandboxing and permissions that restrict untrusted apps’ entry to the gadget.

However Google’s cell safety has nonetheless been principally reactive, as within the case of Droid Dream, a group of malicious apps that made their means into the Android Market, contaminated as many as 120,000 customers, and needed to be subsequently nuked with Google’s distant kill swap.

Now Google goals to take a extra preventative strategy, even screening builders and hunting down these recognized to be malware writers, in response to Lockheimer. “If somebody’s a recognized dangerous actor, we’ll attempt to filter them out within the first place,” he says.

Google’s precautions nonetheless do not come near Apple’s strict safety measures for the iPhone and its App Retailer. Google nonetheless is not subjecting builders to a prolonged approval interval, as Apple does, solely a real-time scan when their app is uploaded to the market.

And simply as considerably, Android continues to permit apps to obtain and execute new code. As safety researcher Jon Oberheide has demonstrated with decoy apps posing as Twilight film images and Offended Birds sequels, that functionality might enable a tough malware developer to add an innocent-looking app to the Android Market after which use it to obtain malicious capabilities and run them on the cellphone. As a result of Google’s new safety measures solely scan the Android Market and never the gadget itself, that sort of scheme doubtless would not be caught.

Nonetheless, Google says that Android malware has been on the decline even prior to those new safety measures. It claims that between the primary and second half of 2011, it noticed a 40% lower in “potentially-malicious” app downloads.

*Click here for more related to ios app rank

That is a really completely different kind of determine from these tossed round within the safety business: Juniper Networks, for example, not too long ago said that it noticed a 472% enhance in Android malware variants between July and November 2011. However Google’s Lockheimer says that Google is specializing in stopping malicious downloads from its Android Market, not stopping dangerous apps from multiplying or proliferating exterior its sanctioned Market. “A very powerful factor is when customers are literally affected,” he says. “And that’s been in important decline over the past 12 months.”

Regardless, Google’s announcement will likely be a wake-up name to antivirus distributors who’ve staked a lot of their future on cell units, and significantly Lookout, which presently leads the cell antivirus business with greater than 12 million downloads. Lockheimer, for example, does not run any antivirus on his Android cellphone, and does not advocate that customers do both.

“I personally don’t run it, and I really feel snug that my mom and my spouse don’t’ run it both, as a result of I understand how we designed it and what we’ve put in place,” he says. “Folks may be assured in utilizing Android. The service we’re saying in the present day is nearly simply an insurance coverage coverage to ensure that continues to be the case.”

 

Skip to toolbar