Is Google doing enough to address Android security issues?
By Chantal Tode
February 6, 2012
Google is attempting to address the reportedly growing problem of malware on Android with a newly announced service called Bouncer that automatically scans Android for malware. However, the step while one that Google needed to take may not be enough to deal with the problem.
Android is growing rapidly and that popularity has made it a target of malware. One of the more popular forms of malware for Android is SMS-sending Trojans that collect personal information and steal users money.
Google figured out there are a lot of malicious apps on the market and it is getting worse every day, said Dmitry Bestuzhev, head of global research and analysis team for Latin America at Kaspersky Labs, Woburn, MA. Before it becomes a real nightmare, they wanted to filter out malicious apps.
Bouncer is a much-needed step, however it seems like it will not be completely effective in detecting all malicious apps, he said.
The challenge for now is how to keep the Android Marketplace open for all developers, and at the same time to keep it clean from malware. It is really hard to reach the balance between those two goals.
Important first step
The problem of malware is a serious one for Android because the operating system is not only being used by a growing number of consumers but also by businesses, governments and military forces.
Google insists that Bouncer, which has been in place for a while, is working, with the number of potentially malicious downloads from Android Market decreasing 40 percent between the first and second halves of 2011.
While its not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market - and we know the rate is declining significantly, said Hiroshi Lockheimer, vice president of engineering for Android, in the blog post announcing Bouncer.
No security approach is foolproof, and added scrutiny can often lead to important improvements, he said. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe.
Bouncer automatically scans the Android Market for potentially malicious software without disrupting the user experience or requiring developers to go through an application approval process. It starts analyzing applications for malware, spyware and Trojans as soon as they are uploaded.
The service also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags.
While Bouncer is an important first step for Google, the solution could only be a partial one.
Based on the public information around this service, all apps will be scanned for known malware, Mr. Bestuzhev said. Basically that means a multi-scanner or something similar will be used, so the quality of malware detection will depend greatly on what AV engines Google will use to analyze apps.
Not all AV engines have the same quality, so there is a possibility some malicious apps won't be detected as malicious, he said.
The second step offered by Google is emulation. It is a good approach, however, it can also be cheated by anti-emulation tricks or a malicious app can be programmed to behave differently once an emulation is detected, making the app appear to be non-threatening.
In the mean time, malware continues to be a problem for Google.
McAfee Labs reported last year that the amount of malware targeted at Android devices jumped nearly 37 percent from the previous quarter, with nearly all new mobile malware in the third quarter targeted at Android.
Statistics show clearly that Android malware is not a myth, but a sad reality, Mr. Bestuzhev said.
There is a clear trend in new malware development attacking the Android platform, he said. It seems like nearly all the attention of cybercriminals who target mobile platforms is focused on Android at the moment.
Chantal Tode is associate editor on Mobile Marketer, New York />
- Trackback url: http://www.mobilemarketer.com/cms/trackback/12049-4