Some apps that reasoned Bouncer ‘s alarm are immediately deny entrance to the Android Market, said Lockheimer. Others are flagged for human reappraisal. Bouncer besides features a simulator that runs each app as if it was on an actual Android phone, said Lockheimer. “ We can observe the application for obscure behavior, and then flag it for review if it ‘s questionable, ” he said. Google besides has the ability to recheck already-published apps as it adds more signal detection and analytic skills to Bouncer. “ As our cognition of bad apps increases and we become aware [ of new malware ], we feed that into the system and rescan everything in the catalogue, ” Lockheimer said. Critics in the security diligence have called on Google to proactively scan Android apps for electric potential malware, rather than wait until unacceptable or infected apps are reported by users or researchers. “ This is absolutely a estimable move, ” said Chet Wisniewski, a security research worker at U.K.-based seller Sophos. “ Bouncer intelligibly makes sense. [ But ] most android users would be surprised that they were n’t already doing this. ” Lockheimer denied that Bouncer was a reaction to any individual security system incident, including the appearance of the first base Android Trojan knight : In March 2011, Google yanked more than 50 DroidDream-infected apps from the Android Market, and within days used its “ kill switch ” for only the second time to remotely erase the programs from users ‘ smartphones. rather, Lockheimer said, Bouncer was an evolution of Google ‘s security philosophy. “ Bouncer was n’t in response to any one thing, ” Lockheimer said. “ Security is significant to Android, that ‘s always been a composition of ours. ” But Android malware played a outstanding function in security news concluding year. Following the first DroidDream campaign, attackers launched planted more septic apps on the Market last June and July. Malicious apps have besides regularly popped up on third-party download sites, which Google does n’t regulate, particularly in China. And last November, Juniper Networks said that the number of malicious Android apps had quintupled in equitable four months. Lockheimer did n’t dispute claims by security vendors — who true have Android software to sell — but said that the volume of available infect apps was the ill-timed measured. “ The important statistic is how much malware actually reaches users ‘ phones, and how many users are impacted, ” Lockheimer said. Using that measuring stick, Google claimed success. “ There was a 40 % reduction in the total of potentially-malicious downloads from Android Market, ” said Lockheimer, in the second half of 2011 compared to the six months prior.
however, some apps have not been flagged by Bouncer. last December, Google pulled 22 apps from the market after San Francisco-based Lookout Security reported that the programs sent bastardly text messages to premium numbers, racking up revenues for criminals. At the clock, Google noted that the premium texting functionality had been disclosed to users by the apps before they were installed. yesterday, Lockheimer declined to explain why those apps were n’t detected by Bouncer, saying he was n’t familiar with the specifics. “ There is some grey area, and now we ‘re getting into what is the definition of ‘malware, ‘ ” he acknowledged. “ Some apps are truly obviously bad, in some cases it ‘s not obvious. But Bouncer tracks all kinds of interesting behavior. If an app is texting to a known deceitful act, Bouncer can detect that. ” In fact, the debate over what is and what is n’t malicious, a discussion held years ago for personal computer software, has recently reached mobile apps. survive week, Symantec pegged 13 apps in the Android Market as malicious, but rival Lookout disagree, saying that they were particularly aggressive in serving ads to users of release apps. This week, Symantec backtracked but promised it would placid flag such apps to alert users. security experts applauded Bouncer. “ We believe this is a step in the right direction in securing the Android ecosystem from a broad range of constantly evolving threats, ” said Kevin Mahaffey, co-founder and head engineering officeholder of Lookout, in an e-mail statement. Although Sophos ‘ Wisniewski besides praised Google ‘s move, he had some caveats. “ The real wonder is what will Google do about potentially unwanted apps, ” said Wisniewski, using a term Sophos has recently applied to the kind of code Symantec uncovered last week. “ If we ‘re confused about it, it ‘s for a good cause. ” Wisniewski besides said that Google could do more. “ One of the best things Google could do is in truth scrutinize who is allowed to develop for Android, ” said Wisniewski. “ A majority of malicious Android apps are signed by a very small group of developers. We ‘ve seen 500 malicious apps signed by equitable one guy. ” In a blog mail Thursday, Lockheimer said that Google was analyzing fresh developer accounts in an feat to keep repeat offenders from being allowed to publish to the Market.
He former declined to go into detail, but said that the analysis was not done by Bouncer. “ It is another component of our security system scheme [ and ] another firearm of the perplex. ” Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg’s RSS feed. His e-mail address is email@example.com.