Google Bouncer Won't Block All Android Malware - InformationWeek


Google Bouncer Won't Block All Android Malware

Security expert says Google Bouncer malware checks are a step in the right direction, but not a complete solution. Meanwhile, Google excised more fake apps from the Android Market.

Will the newly announced Google Bouncer help the company prevent all fraudulent and malicious apps from sneaking into its Android Market?

Google last week revealed that it had already deployed Bouncer last year, and that the technology had led to "a 40% decrease in the number of potentially malicious downloads from Android Market" between the first and second half of 2011. That wording is notable: Google isn't discussing the number of potentially bad apps that it blocked, but rather the number of times that people didn't download a potentially bad app.

Google said its statistic was meant to counterpoint warnings from "companies who market and sell anti-malware and security software" that the volume of Android malware continues to rise sharply. "While it's not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market--and we know the rate is declining significantly," said Google.


Accordingly, might Bouncer, once and for all, settle the security debate between Apple's walled-garden approach and the more laissez-faire philosophy behind the Android Market? Some criticize the Google approach as being too reactive, while others see it as a healthy alternative to Apple's lockdown of iOS.

That debate will certainly continue to rage. But security expert Dmitry Bestuzhev at Kaspersky Lab--which sells antivirus software--said that without a doubt, Bouncer is a big step in the right direction, since it will scan all Android Market apps for the presence of known malware as well as monitor for suspicious behavior via emulation.

Still, there are limits to the approach. For starters, "not all AV engines have the same quality, so there is a possibility some malicious apps won't be detected as malicious," Bestuzhev said in a blog post. Bouncer also likely wouldn't spot malware that targeted zero-day vulnerabilities. Furthermore, apps can be designed with "anti-emulation tricks, or a malicious app can be programmed to behave differently once an emulation is detected, making the app appear to be non-threatening," he said.

Emulation workarounds have already been well-honed by developers of Windows viruses. Security researcher Charlie Miller also used those techniques last year to bypass Apple's App Store checks and publish Instastock, a fake stock market app that exploited a code-signing vulnerability in iOS, allowing him to launch a proof-of-concept attack that "stole" data from his own iPhone. In response, Apple excommunicated Miller from its iOS developer program for one year.

Bestuzhev said other anti-emulation tricks might include designing functionality that gets triggered only if the device is running on specified telecommunications carriers. "For example, an app could be designed to only behave maliciously if it detects a Latin American carrier," he said. "If the same app is used by a U.S. carrier, no malicious behavior will be detected."

To further improve Android Market security, Google has also announced that it will begin vetting all new developer accounts. But Bestuzhev predicts that the combination of these checks and Bouncer patrolling the Android Market for fake and malicious apps will likely lead attackers to try to hack into developer accounts that Google already trusts, and then use them as malicious app distribution channels.

In other Android suspicious-app news, Android Police Monday reported finding new, potentially malicious applications in the Android Market.

The fake apps were named after legitimate offerings, including "Madden NFL 12," "Angry Chicken," "SpeedRacer--Final Death Match," "Crazy Penguin Catapult," and "Batman Arkham City Lockdown." Google has excised the apps in question (although Android Police posted a screen grab on Flickr that shows the apps).

While the names of the apps appeared to be legitimate, Android Police noted that all of the apps had been created with "AppInventor," which it said is a red flag for fake apps. Meanwhile, under "publisher," some of the apps riffed on the name Rovio--maker of Angry Birds--by using the fake name "ROVIO MOBIIE LTD." According to Android Police, "the Bouncer may be watching out for malware, but it still has room to grow, especially in the Rovio Mobile Ltd case."
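
The "ROVIO MOBIIE LTD" case above is the kind of look-alike publisher name a store-side review check can flag. The following is an added example, not code from Google, Android Police or the original article; the publisher list, the confusable-character table and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed list of established publishers (assumption for this example).
KNOWN_PUBLISHERS = ["Rovio Mobile Ltd", "Example Games Inc"]

# Visually confusable characters folded to one representative (illustrative, not exhaustive).
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"})


def skeleton(name):
    """Reduce a publisher name to a form in which look-alike spellings collide."""
    text = unicodedata.normalize("NFKD", name).casefold()
    text = "".join(c for c in text if c.isalnum())  # drop spaces, dots, accents
    return text.translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_publisher(submitted, known=KNOWN_PUBLISHERS, max_distance=1):
    """Return (verdict, matched_known_name) for a submitted publisher string."""
    if submitted in known:
        # A name match proves nothing by itself; the account must be verified separately.
        return ("exact", submitted)
    sub = skeleton(submitted)
    for legit in known:
        ref = skeleton(legit)
        if sub == ref:
            return ("lookalike", legit)   # differs only by case, spacing or confusables
        if len(ref) >= 8 and edit_distance(sub, ref) <= max_distance:
            return ("near-match", legit)  # one typo away from a known publisher
    return ("no-match", None)


if __name__ == "__main__":
    for name in ["ROVIO MOBIIE LTD", "Rovio Mobille Ltd", "Indie Studio 42"]:
        print(name, "->", check_publisher(name))
```

A "lookalike" or "near-match" verdict is a signal to hold the listing for manual review, not proof of fraud on its own.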

Comments
Sabrina, User Rank: Apprentice
2/8/2012 | 10:10:20 AM
re: Google Bouncer Won't Block All Android Malware
security features built into the Android system, including application sandboxing, permission-based operation, and the ease of removing malware either through the phone or remotely via the Android Market.
captbilly, User Rank: Apprentice
2/7/2012 | 10:44:42 PM
re: Google Bouncer Won't Block All Android Malware
Are you serious? Having a headline like, "Google Bouncer Won't Block All Android Malware", is a bit like saying that vaccines won't protect us from all disease. Yes, it is true that Bouncer won't block all malicious apps, just as Apple or Microsoft haven't been able to protect their OSs from all malware and viruses, but I believe that was obvious to everyone. Maybe tomorrow you could have a headline that says, "sunglasses will not stop the sun from coming up tomorrow".