Android and Me

Google introduces Bouncer, keeps Android market free of malicious apps

2 years ago 36

Smartphone security continues to be a hot topic in the Android ecosystem. Whether you believe this is much of an issue or not, Android is the most popular mobile operating system, and the bad guys are known to target bigger markets. Google is not keeping its arms crossed, and they have just revealed Bouncer, a service that scans the Android Market for malicious apps.

This makes it easier to keep the Android Market safer while maintaining the simple process of uploading new apps (which is something developers and users love about Android). This service has been operating since the beginning of 2011, without our knowledge of its existence. And Google claims that the number of malicious app downloads has gone down by 40%, which is contrary to what most anti-virus app developers claim.

The procedure is simple (relatively). When a developer uploads an application, Bouncer analyzes it for known trojans, spyware and malware. The app is also scanned for any type of extraneous behavior, compared to past-scanned apps. The discovery of any dangerous behavior then raises a “red flag.” After finding a malicious application, Google goes on to revise the developer’s account, and prevents them from spreading any current or future dangers.

Google Mobile Blog’s post goes on to talk about the fact that Android was built with security in mind. There are multiple functions within the Android OS core, which help stop the bad guys from accessing all your goodies. Here are some of the features that help Google make our devices secure:

Sandboxing: The Android platform uses a technique called “sandboxing” to put virtual walls between applications and other software on the device. So, if you download a malicious application, it can't access data on other parts of your phone and its potential harm is drastically limited.

Permissions: Android provides a permission system to help you understand the capabilities of the apps you install, and manage your own preferences. That way, if you see a game unnecessarily requests permission to send SMS, for example, you don’t need to install it.

Malware removal: Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required.Hiroshi LockheimerVP of Engineering, Android

As Hiroshi mentions, there is no way to stop malicious applications from getting to Android devices (or any smartphone, for that matter). What Android is trying to do here, is rid the Android market of all possible danger.

Bouncer may be the answer to all of those that worry about this issue. If an anti-virus app makes you feel more comfortable, though, it never hurts to have it. Plus, anti-theft solutions come in handy much more often than we would hope. My personal favorite happens to be avast! Free Mobile Security, followed by Lookout.

As always, though, the best solution is common sense. Getting a trojan, spyware or malware is simply not as common just yet. A googler even goes into detail about this, going as far as to mention that virus companies are “charlatans and scammers.”

Are anti-virus apps necessary?
I don't think so. Let's put it this way - I don't run those apps. That's obviously an individual choice, but I haven't felt the need for it.Hiroshi LockheimerVP of Engineering, Android
In an interview with JR Raphael, from Android Power, Lockheimer also mentions that he sees anti-virus apps as unnecessary. He also goes on to mention that the Android team is not stopping here, and they will be further trying to improve security within the Android ecosystem.

Android, security and its future
I want to emphasize that this is one piece of our overall security story. It doesn't start and end here. It starts with the device. It's not just about the app - it's the sandboxing, the (analyses of) developer accounts, and the scanning that happens. We're going for an end-to-end security path. Open source and security are not mutually exclusive.Hiroshi LockheimerVP of Engineering, Android

Just make sure you download apps from trusted sources (like the Android Market), and don’t forget to check out the permissions and app reviews. These techniques, along with Bouncer, should keep our devices safe enough, at least until this problem gets bigger (if it does). As for Google – we are glad they are working hard and have our backs.