English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Will Google Bouncer definitely remove all malware from the Android Market?

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted February 06, 15:21  GMT
Tags: Mobile Malware, Google, Google Android
0.2
 

Will the Bouncer be effective in addressing the malware problems with Android apps?

First of all, this is a good and really necessary move Google is taking, however the solution will be only partial. Based on the public information around this service, all apps will be scanned for known malware. Basically that means a multi-scanner or something similar will be used, so the quality of malware detection will depend greatly on what AV engines Google will use to analyze apps. Not all AV engines have the same quality, so there is a possibility some malicious apps won't be detected as malicious. The second step offered by Google is emulation. It's a good approach, however it can also be cheated by anti-emulation tricks or a malicious app can be programmed to behave differently once an emulation is detected, making the app appear to be non-threatening.  So, basically the same malware tricks used to bypass Windows security can be implemented now on Android.

Is it still a good idea to use a mobile security program for protection even with Bouncer in place?

Yes, for sure it's a good idea. The situation is many people download apps not only from the official Android Market, but also from third-party sources.  Nobody knows for certain what kind of apps are out there on private market stores, run by people not affiliated with Google. Additionally as we mentioned if Google's multi-scanner won't count on all AV engines but only some of them, it's certainly good to use AV detection on your phone as a second opinion for anything that might have slipped past Google’s scanner.

Are there ways for hackers to sneak infected apps into the store despite Bouncer?

Yes and one of them is by hacking well known and trustful developers accounts. In fact I believe that will happen in the near feature. I say this because of Google says it will check all new developers account. If a developer is already known and trusted by Google, that developer account will be a prime target for cybercriminals. Also, even though we haven’t seen it happen yet, we know cybercriminals can start developing apps that work differently in specific geographic zones. For example, an app could be designed to only behave maliciously if it detects a Latin American carrier…if the same app is used by a US carrier, no malicious behavior will be detected. That's also an anti-emulation trick which can be exploited by cybercriminals in order to avoid Bouncer detection.


Comments

If you would like to comment on this article you must first
login


Bookmark and Share
Share

Analysis

Blog