
Google's Bouncer Protects Android Market From Malware

On Thursday Google seemingly succumbed to the need for a hands-on approach to filtering out malicious apps on the Android Market by officially introducing Bouncer to the public. Now Android device owners can breathe a collective sigh of relief knowing that perhaps from here on out, apps listed on Android Market are exactly what they claim to be, and not underage malware in disguise trying to slip in through the front door.

Hiroshi Lockheimer, VP of Engineering, Android, reports that Bouncer (codename) provides automated scanning of Android Market for potentially malicious software without disrupting the user experience or requiring developers to go through an application approval process. The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts.

"Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans," Lockheimer explains. "It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back."

In 2011, device activations grew 250 percent year-on-year, and the total number of app downloads from Android Market topped 11 billion. However, Bouncer actually began to kick malicious apps out the door last year, and between the first and second halves of 2011, Google supposedly saw a 40 percent decrease in the number of potentially malicious downloads from Android Market. This is good news given that security firms report that malicious programs are actually on the rise.

"While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market - and we know the rate is declining significantly," Lockheimer added.

In addition to Bouncer, Lockheimer also points out that Android has built-in services to help prevent malware including sandboxing -- aka putting virtual walls between applications and other software on the device -- permissions and remote malware removal.

"Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required," he said.

But as Lockheimer points out, no security approach is foolproof, so not everything will be bounced out of Android Market. Yet at least we know there's a little bit of muscle helping Android's slick app dance stay clear of malware.