Google’s Bouncer Anti-Malware System Vulnerable To Sneaky Apps


Google does its best to stay on top of malware in the Google Play store, removing offending apps as soon as it becomes aware of them. Better than removing malware, though, is keeping it from even getting onto Google Play in the first place. Four months back, we learned of the company’s Bouncer system, an automated process that attempted to identify malware apps before they got a chance to spread. Some new findings by security researchers are revealing a few chinks in the Bouncer armor, and may prompt Google to make some changes in the hopes of preventing malware from defeating Bouncer’s inspection.

This isn’t the first time we’ve heard of apps designed to avoid Bouncer, but the techniques involved are new. One aspect of Bouncer’s analysis is running suspect apps in a test environment, watching how they behave on an Android system and keeping an eye out for any actions that may indicate ill intentions. What researchers Charlie Miller and Jon Oberheide discovered is that the Bouncer test environment is consistent enough for malware to detect it, and alter its behavior accordingly.

If an app knows it’s running on Bouncer, it can intentionally refrain from its normal malware behavior, resulting in a false negative from the system. Miller and Oberheide found that Bouncer always seems to report being registered to the same user, has distinct files present on the device, and contains only a single, specific user in its contact list. By looking for this pattern, an app could know it was under Bouncer’s scrutiny.
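Seen from the side of whoever operates an analysis sandbox, the weakness described above is that some attributes never change between runs. The following is an added example, not code from the article, the researchers, or Google: it audits constructed snapshots of an analysis environment and reports the values that stay identical across every run. The field names (`account`, `contacts`, `marker_files`, `device_id`) and all sample values are assumptions made for illustration.

```python
"""Audit analysis-sandbox profiles for attributes that never vary between runs.

Added illustration: field names and sample data are constructed assumptions,
not the real configuration of any product.
"""


def _freeze(value):
    # Compare collections as sets so ordering differences do not hide a constant.
    return frozenset(value) if isinstance(value, (list, set, tuple)) else value


def constant_attributes(runs):
    """Return {attribute: value} for attributes identical in every run."""
    if len(runs) < 2:
        return {}  # a single run cannot show whether anything varies
    keys = set(runs[0])
    for run in runs[1:]:
        keys &= set(run)
    constants = {}
    for key in sorted(keys):
        if len({_freeze(run[key]) for run in runs}) == 1:
            constants[key] = runs[0][key]
    return constants


def shared_files(runs, field="marker_files"):
    """Files present in every run, even when the full file lists differ."""
    sets = [set(run.get(field, [])) for run in runs]
    return sorted(set.intersection(*sets)) if sets else []


# Constructed sample: three runs of a hypothetical analysis environment.
SAMPLE_RUNS = [
    {"account": "tester@example.com", "contacts": ["Alice Example"],
     "marker_files": ["/sdcard/fixture.txt", "/sdcard/a.jpg"], "device_id": "id-1"},
    {"account": "tester@example.com", "contacts": ["Alice Example"],
     "marker_files": ["/sdcard/fixture.txt", "/sdcard/b.jpg"], "device_id": "id-2"},
    {"account": "tester@example.com", "contacts": ["Alice Example"],
     "marker_files": ["/sdcard/fixture.txt"], "device_id": "id-3"},
]

if __name__ == "__main__":
    for name, value in constant_attributes(SAMPLE_RUNS).items():
        print(f"constant across all runs: {name} = {value!r}")
    print("files present in every run:", shared_files(SAMPLE_RUNS))
```

Anything this reports is a candidate for per-run randomization, or for being drawn from a pool of realistic values, so that no single value identifies the test environment.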

The team has already contacted Google with its findings, so hopefully Bouncer will see a few tweaks to help prevent this kind of attack from taking place.

Source: Duo Security
Via: Android Police

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits