Google is improving its security measures on Android Market after placing Bouncer on the door, to prevent the entry of undesirable apps.
Bouncer has been monitoring the Android Market for several months already, and Google claims it has seen a 40 percent drop in malicious apps between the first half and second half of 2011, Hiroshi Lockheimer, vice president of engineering for Google’s Android group, wrote on the Google Mobile blog 2 February.
The service automatically scans Android Market for potentially malicious software without requiring developers to go through an application approval process.
Google has been criticised by many security experts for not subjecting apps submitted to the Android Market to the kind of rigorous screening process that Apple does for iOS apps prior to listing them on the App Store. Google has positioned the Android Market as an open platform and has traditionally taken a hands-off approach.
“It’s not possible to prevent bad people from building malware,” Lockheimer wrote. Instead, Google is focusing on whether those bad apps are being installed and “we know the rate is declining significantly.”
Bouncer scans both new and existing apps for known malware, spyware and Trojans that could steal user data or access unauthorised features. It also analyses new developer accounts to keep out developers who have been already kicked out of the marketplace or have a history of trying to distribute questionable apps.
Android Market was shaken by the discovery of malicious apps multiple times last year, and Google famously lashed out at the security companies for scaremongering and exaggerating the threat.
“The drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise,” Lockheimer wrote.
Lookout Mobile Security, a mobile security company that sells protection software for Android devices, estimated in a recent report that more than $1 million (£632,000) had been stolen from Android users in 2011 as a result of malicious software downloads. The figure could rise, the company said. Juniper Networks found in its own reports that the number of malicious Android apps had quintupled in four months.
Google yanked apps from Android Market and took the unprecedented step of remotely removing them from user devices last year after the DroidDream malware first surfaced. More infected apps with DroidDream variants were removed over the summer.
However, whether an app is malicious or not is not really clear-cut. Just last week, Symantec identified 13 apps as being malicious because they could push data from a remote server onto user devices and perform other “suspicious” activities. Lookout criticised the announcement, saying Android CounterClank was just an aggressive form of advertising network and, while annoying, was not yet dangerous.
“No security approach is foolproof, and added scrutiny can often lead to important improvements,” Lockheimer said.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…