Google Bouncer Deployed to Detect Android Market Malware
We had the opportunity to talk a little about Android security earlier today, upon learning of an issue with certain HTC models that had the potential to reveal sensitive data to apps without your knowledge. Luckily, news of this exploit arrived after HTC already had the chance to start distributing patches for the bug, mitigating its impact. While it’s a losing battle trying to prevent all form of malware from being created, it’s actions like that one, which limit the damage malware can do, that help stop it from becoming a major problem. Perhaps even more important than quickly patching bugs is curbing malware distribution in the first place. Google just posted a message about how it’s been trying to keep that trash out of the Android Market, revealing a system called Bouncer that it’s put into place.
Bouncer takes a multi-tiered approach to malware detection. A good portion of the malware out there now relies on the same basic program modules, but dressed-up as different apps to broaden its spread. Bouncer will check to see if any code is shared with known malware. Even when it can’t make a match, it can run the app for a bit and look at how it interacts with the rest of the Android system, as well as with Google’s servers, trying to match behavior patterns against those attributed to other malware. Finally, Bouncer looks at the creation of new developer accounts, trying to preemptively identify ones that might be used to upload new malware.
Google’s candid about its system not being perfect, but it sounds like it’s really trying its best to balance the need for security with the benefits of an open app ecosystem.