Google reveals Bouncer, claims Malware decrease
Google has revealed a new security service codenamed Bouncer. This has apparently already been running since the first half of 2011, and provides automated scanning of Android Market looking for potential malware. We are told the new service analyses on new applications, applications already in Android Market, and developer accounts.
The company says its introduction will not “disrupt the user experience of Android Market or require developers to go through an application approval process”. It also claims to have seen a 40% decrease in the number of “potentially-malicious downloads” from Android Market in the time the service has been running…
On the Google Mobile blog Hiroshi Lockheimer – VP of Engineering, Android – writes:
Here’s how it works: once an application is uploaded, the service immediately starts analysing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analysed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behaviour. We also analyse new developer accounts to help prevent malicious and repeat-offending developers from coming back.
You can read more on the Google Mobile blog.
As an additional FYI, as it were, Hiroshi Lockheimer also makes these points about Android’s security defences (stemming from its Linux heritage presumably):
In addition to using new services to help prevent malware, we designed Android from the beginning to make mobile malware less disruptive. In the PC model, malware has more potential to misuse your information. We learned from this approach, designing Android for Internet-connected devices. Some of Android’s core security features are:
* Sandboxing: The Android platform uses a technique called “sandboxing” to put virtual walls between applications and other software on the device. So, if you download a malicious application, it can’t access data on other parts of your phone and its potential harm is drastically limited.
* Permissions: Android provides a permission system to help you understand the capabilities of the apps you install, and manage your own preferences. That way, if you see a game unnecessarily requests permission to send SMS, for example, you don’t need to install it.
* Malware removal: Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required.
No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe.