
Google reveals Android malware 'Bouncer,' scans all apps

Gregg Keizer | Feb. 6, 2012
Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called on the company to make.

And last November, Juniper Networks said that the number of malicious Android apps had quintupled in just four months.

Lockheimer didn't dispute claims by security vendors -- who admittedly have Android software to sell -- but said that the volume of available infected apps was the wrong metric.

"The important statistic is how much malware actually reaches users' phones, and how many users are impacted," Lockheimer said.

Using that measuring stick, Google claimed success. "There was a 40% reduction in the number of potentially-malicious downloads from Android Market," Lockheimer said, referring to the second half of 2011 compared with the six months prior.

However, some apps have not been flagged by Bouncer.

Last December, Google pulled 22 apps from the Market after San Francisco-based Lookout Security reported that the programs sent spurious text messages to premium numbers, racking up revenues for criminals.

At the time, Google noted that the premium texting functionality had been disclosed to users by the apps before they were installed.

Yesterday, Lockheimer declined to explain why those apps weren't detected by Bouncer, saying he wasn't familiar with the specifics.

"There is some gray area, and now we're getting into what is the definition of 'malware,'" he acknowledged. "Some apps are really obviously bad, in some cases it's not obvious. But Bouncer tracks all kinds of interesting behavior. If an app is texting to a known fraudulent number, Bouncer can detect that."

In fact, the debate over what is and what isn't malicious, a discussion held years ago for PC software, has recently reached mobile apps.

Last week, Symantec pegged 13 apps in the Android Market as malicious, but rival Lookout disagreed, saying that they were merely particularly aggressive in serving ads to users of free apps. This week, Symantec backtracked but promised it would still flag such apps to alert users.

Security experts applauded Bouncer.

"We believe this is a step in the right direction in securing the Android ecosystem from a broad range of constantly evolving threats," said Kevin Mahaffey, co-founder and chief technology officer of Lookout, in an emailed statement.

Although Sophos' Wisniewski also praised Google's move, he had some caveats.

"The real question is what will Google do about potentially unwanted apps," said Wisniewski, using a term Sophos has recently applied to the kind of code Symantec uncovered last week. "If we're confused about it, it's for a good reason."

Wisniewski also said that Google could do more. "One of the best things Google could do is really scrutinize who is allowed to develop for Android," said Wisniewski. "A majority of malicious Android apps are signed by a very small group of developers. We've seen 500 malicious apps signed by just one guy."
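The two detection ideas raised in this article, flagging an app that texts a known fraudulent or premium number (with disclosed premium texting treated as the gray area Lockheimer describes) and spotting a single signer behind many flagged apps, can be sketched as a small review pass. The code below is an added illustration, not Google's Bouncer code nor anything from Lookout or Sophos; the blocklist, the short-code heuristic, the app ids, signer fingerprints and phone numbers are all constructed placeholders, and the per-app behaviour records stand in for whatever a dynamic-analysis sandbox would actually log.

```python
"""Added illustration (not Google's Bouncer): a toy post-sandbox review pass.

Constructed inputs model what a behaviour sandbox might record for each
submitted app: the numbers it sent SMS to, and whether it disclosed premium-SMS
use to the user before install. A second pass groups verdicts by signing
certificate, so one signer behind many flagged apps stands out.
All numbers, app ids and signer fingerprints below are made up.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed blocklist of known fraudulent premium numbers (placeholder values).
KNOWN_FRAUD_NUMBERS = {"+19005550199", "+447754000001"}


def is_premium_shortcode(number: str) -> bool:
    """Constructed heuristic: a 4-6 digit short code is treated as premium-rate."""
    digits = number.lstrip("+")
    return digits.isdigit() and 4 <= len(digits) <= 6


@dataclass
class AppRun:
    app_id: str
    signer_sha1: str            # fingerprint of the signing cert (constructed)
    sms_destinations: list
    disclosed_premium_sms: bool = False


def classify(run: AppRun) -> str:
    """Return 'malicious', 'potentially_unwanted', or 'clean' for one app run."""
    # Texting a known fraudulent number is unambiguous, disclosed or not.
    if any(d in KNOWN_FRAUD_NUMBERS for d in run.sms_destinations):
        return "malicious"
    premium = [d for d in run.sms_destinations if is_premium_shortcode(d)]
    if premium and not run.disclosed_premium_sms:
        return "malicious"
    if premium:
        # Disclosed premium texting: the gray area the article describes.
        return "potentially_unwanted"
    return "clean"


def flagged_signers(runs, threshold=2):
    """Signers whose count of non-clean apps reaches the threshold."""
    counts = Counter()
    for r in runs:
        if classify(r) != "clean":
            counts[r.signer_sha1] += 1
    return {s: n for s, n in counts.items() if n >= threshold}


# Constructed sample runs: one signer (BB:22) is behind two flagged apps.
SAMPLE_RUNS = [
    AppRun("com.example.wallpaper", "AA:11", ["+15551234567"]),
    AppRun("com.example.ringtones", "BB:22", ["83123"], disclosed_premium_sms=False),
    AppRun("com.example.horoscope", "BB:22", ["+19005550199"]),
    AppRun("com.example.quiz", "CC:33", ["45678"], disclosed_premium_sms=True),
    AppRun("com.example.flashlight", "BB:22", ["+15559876543"]),
]


def review(runs=SAMPLE_RUNS):
    """Map each app id to its verdict."""
    return {r.app_id: classify(r) for r in runs}


if __name__ == "__main__":
    for app, verdict in review().items():
        print(f"{app:28} {verdict}")
    print("prolific flagged signers:", flagged_signers(SAMPLE_RUNS))
```

The design choice worth noting is that the signer pass runs over verdicts rather than raw behaviour: a developer certificate that keeps appearing on flagged apps is a stronger signal than any single app's SMS log, which is the point Wisniewski is making about scrutinizing who is allowed to publish.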
