Google (Nasdaq: GOOG) announced a new layer of security for its Android Market on Thursday, unveiling a program called “Bouncer” that will automatically scan apps and developer accounts for malware.
Bouncer works by analyzing each app as it’s uploaded to the Market, scanning for threats, spyware and trojans. It also takes a look at developer accounts to make sure they don’t have a malicious history. If they do, Bouncer will discourage them from returning. The program will do repeated scans on existing apps to keep tabs on the entire marketplace.
In addition to the initial scan, Bouncer simulates a run of the app within Google’s cloud infrastructure to see if threats would occur if the app was running on an actual Android device.
The brought protection follows security issues in regards to the safety of Android packages. not like Apple (Nasdaq: AAPL), its main competitor within the app market, Google previously did not require builders uploading apps to the Android marketplace to go through a rigorous approval procedure.
The service has actually been in use for a while, according to Hiroshi Lockheimer, vice president of engineering for Android. There was a 40 percent decrease in the number of potentially malicious downloads from the Android Market between the first and second halves of 2011, according to Google.
Google didn’t respond to our requests for information.
A Need for a Double-Check
Mobile malware has been a growing concern over the past year.
“Last 12 months by myself there were approximately four,600 new vulnerabilities that were discovered in the market, and about ninety two % of the ones may well be accessed remotely, and approximately 75 p.c of those were via internet applications, Scott Bradley, vice president of the Americas for iViZ safety advised TechNewsWorld. So the dangers are very high. laptop users recognise they need malware assessments and so they purchase the gear to do this, however cellular app vulnerabilities are out there, and people are taking super dangers with issues similar to e-banking but don’t recall to mind the will for malware [protection] on a telephone.”
Part of the problem may be that many users assume that if an app has made it into Google’s or Apple’s storefront, it’s safe.
“Google’s introduction of the Bouncer service is an encouraging step forward for mobile security. Many mistakenly assume that the app store gatekeepers are protecting them from malicious content, but history suggests that detailed security reviews of apps have been lacking prior to their inclusion in the app stores,” Michael Sutton, vice president of security research at Zscaler ThreatLabZ, told TechNewsWorld.
Taking a Cue From Apple?
The ways in which Google and Apple regulate their respective app outlets reflect differing philosophies. iOS apps undergo a lengthy approval process before appearing in the App Store; Android developers hoping to sell in the Market face fewer hurdles.
In recent Senate hearings on location tracking, Alan Davidson, former director of public policy at Google, said the company doesn’t want to be a “gatekeeper” for app developers and would rather give everyone a chance to get online.
“The App Store has always been a much tighter environment, and until now it’s been very easy for anyone to create an Android app, with any kind of malware on it, and put it out into an insecure environment,” said Bradley.
The coverage may well be helpful for smaller authentic developers with fewer resources, but it ran the chance of permitting rogue devs to put lots of cellular users in jeopardy — and pissed off, compromised customers aren’t good for the base line.
“Apple’s approval process, which can sometimes be a pain in the back side of app developers, is designed to keep out problems like this before they ever hit the store, something that gives app buyers the comfort of knowing their app purchase is not going to destroy their phone, and thus making them more likely to continue to purchase apps,” Aaron Watkins, cofounder of Appency and analyst at GigaOM Pro told TechNewsWorld.
“We have all seen with traditional antivirus software programs that there is a continual need for new updates and innovations in an attempt not to get ahead of, but simply keep up with, the pace of the hackers and spammers of the world,” said Watkins.
Bouncer has been successful so far, according to Google. Going forward, its effectiveness may be easy to track.
“It remains to be seen how effective Bouncer will be, but we’ll all know shortly,” said Sutton.