2/7/2012
02:49 PM

Google Bouncer Won't Block All Android Malware

Security expert says Google Bouncer malware checks are a step in the right direction, but not a complete solution. Meanwhile, Google excised more fake apps from the Android Market.

Will the newly announced Google Bouncer help the company prevent all fraudulent and malicious apps from sneaking into its Android Market?

Google last week revealed that it had already deployed Bouncer last year, and that the technology had led to "a 40% decrease in the number of potentially malicious downloads from Android Market" between the first and second half of 2011. That wording is notable: Google isn't discussing the number of potentially bad apps that it blocked, but rather the number of times that people didn't download a potentially bad app.

Google said its statistic was meant to counter warnings from "companies who market and sell anti-malware and security software" that the volume of Android malware continues to rise sharply. "While it's not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market--and we know the rate is declining significantly," said Google.


Accordingly, might Bouncer, once and for all, settle the security debate between Apple's walled-garden approach and the more laissez-faire philosophy behind the Android Market? Some criticize the Google approach as being too reactive, while others see it as a healthy alternative to Apple's lockdown of iOS.

That debate will certainly continue to rage. But security expert Dmitry Bestuzhev at Kaspersky Lab--which sells antivirus software--said that without a doubt, Bouncer is a big step in the right direction, since it will scan all Android Market apps for the presence of known malware as well as monitor for suspicious behavior via emulation.

Still, there are limits to the approach. For starters, "not all AV engines have the same quality, so there is a possibility some malicious apps won't be detected as malicious," Bestuzhev said in a blog post. Bouncer also likely wouldn't spot malware that targeted zero-day vulnerabilities. Furthermore, apps can be designed with "anti-emulation tricks, or a malicious app can be programmed to behave differently once an emulation is detected, making the app appear to be non-threatening," he said.

Emulation workarounds have already been well-honed by developers of Windows viruses. Security researcher Charlie Miller also used those techniques last year to bypass Apple's App Store checks and publish Instastock, a fake stock market app that exploited a code-signing vulnerability in iOS, allowing him to launch a proof-of-concept attack that "stole" data from his own iPhone. In response, Apple excommunicated Miller from its iOS developer program for one year.

Bestuzhev said other anti-emulation tricks might include designing functionality that gets triggered only if the device is running on specified telecommunications carriers. "For example, an app could be designed to only behave maliciously if it detects a Latin American carrier," he said. "If the same app is used by a U.S. carrier, no malicious behavior will be detected."

To further improve Android Market security, Google has also announced that it will begin vetting all new developer accounts. But Bestuzhev predicts that the combination of these checks and using Bouncer to patrol the Android Market for fake and malicious apps will likely lead attackers to attempt to hack into developer accounts that Google already trusts, then use them as malicious app distribution channels.

In other Android suspicious-app news, Android Police Monday reported finding new, potentially malicious applications in the Android Market.

The fake apps were named after legitimate offerings, including "Madden NFL 12," "Angry Chicken," "SpeedRacer--Final Death Match," "Crazy Penguin Catapult," and "Batman Arkham City Lockdown." Google has excised the apps in question (although Android Police posted a screen grab on Flickr that shows the apps).

While the names of the apps appeared to be legitimate, Android Police noted that all of the apps had been created with "AppInventor," which it said is a red flag for fake apps. Meanwhile, under "publisher," some of the apps riffed on the name Rovio--maker of Angry Birds--by using the fake name "ROVIO MOBIIE LTD." According to Android Police, "the Bouncer may be watching out for malware, but it still has room to grow, especially in the Rovio Mobile Ltd case."
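The "ROVIO MOBIIE LTD." case above is the kind of publisher-name lookalike that a store-side or enterprise allow-list check can flag. The following is an added example, not code from Google, Android Police or the article; the allow-list, the confusable-character map and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allow-list: "Rovio Mobile Ltd." is the name the article cites;
# the second entry is a made-up placeholder.
KNOWN_PUBLISHERS = ["Rovio Mobile Ltd.", "Example Games Inc."]

# Partial, illustrative map of characters that read alike in many fonts.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

def canonical(name):
    """Case-fold and drop accents, spaces and punctuation."""
    text = unicodedata.normalize("NFKD", name).casefold()
    return "".join(ch for ch in text if ch.isalnum())

def skeleton(name):
    """Canonical form with lookalike characters collapsed to one symbol."""
    return canonical(name).translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_publisher(name, known=KNOWN_PUBLISHERS, max_distance=2):
    """Return (verdict, matched_name); verdict is exact, lookalike or unknown."""
    for legit in known:
        if canonical(name) == canonical(legit):
            # Same name only: the listing must still be tied to the real account.
            return ("exact", legit)
    for legit in known:
        # Distance 0 means the names differ only by confusable characters.
        if edit_distance(skeleton(name), skeleton(legit)) <= max_distance:
            return ("lookalike", legit)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ["ROVIO MOBIIE LTD.", "Rovio Mobile Ltd", "Some Indie Studio"]:
        print(sample, "->", check_publisher(sample))
```

A "lookalike" verdict is a signal for manual review, and an "exact" name match proves nothing by itself unless the listing is also tied to the verified developer account.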

Comments
captbilly,
User Rank: Apprentice
2/7/2012 | 10:44:42 PM
re: Google Bouncer Won't Block All Android Malware
Are you serious? Having a headline like, "Google Bouncer Won't Block All Android Malware", is a bit like saying that vaccines won't protect us from all disease. Yes, it is true that Bouncer won't block all malicious apps, just as Apple or Microsoft haven't been able to protect their OSs from all malware and viruses, but I believe that was obvious to everyone. Maybe tomorrow you could have a headline that says, "sunglasses will not stop the sun from coming up tomorrow".
Sabrina,
User Rank: Apprentice
2/8/2012 | 10:10:20 AM
re: Google Bouncer Won't Block All Android Malware
security features built into the Android system, including application sandboxing, permission-based operation, and the ease of removing malware either through the phone or remotely via the Android Market.