To combat the growing problem of malicious Android apps sneaking into the official Android Market and onto customers' phones, Google has unveiled a new service to automatically police the market and take down offenders before they strike.
Announced yesterday (Feb. 2), the service, codenamed "Bouncer," scans the Android Market for potentially harmful apps that could compromise phones if accidentally downloaded. Bouncer, which has been in action since the second half of 2011, tackles existing apps as well as all newly downloaded entries in the Android Market.
"Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and Trojans," Android's vice president of engineering, Hiroshi Lockheimer, wrote on Google's Mobile Blog. Bouncer, he added, "also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags."
As an extra wall against a bad app invasion, Bouncer also analyzes new developer accounts to keep repeat offenders from peddling their malicious wares to susceptible Android users.
Lockheimer said despite last year's reports of nasty Android apps being found in the official Market, Google has actually seen a 40 percent decrease in "the number of potentially malicious downloads" between the first and second halves of 2011.
Explaining the discrepancy, he said, "While it's not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market — and we know the rate is declining significantly."
Though he hasn't seen many details about how Bouncer works, Jimmy Shah, mobile security researcher at McAfee Labs, said Google's introducting of the service "bodes well for Android security." But Google cannot stop here, he said.
"By itself Bouncer is not enough to clean up all infected devices or to keep all malware out of the market," Shah wrote in a company blog. "There will still be a need for further innovation in security software and for defense in depth. The Android security team has a lot of clever people on it and no doubt they will continue to improve security while maintaining Android's open nature."
Bouncer's effect will be interesting to track; with the lion's share of the smartphone market, Android users have in the past year been bombarded with a dozens of rigged apps capable of stealing phone data, sending unauthorized texts, hijacking bank account credentials, disabling the phone's anti-virus software and eavesdropping on calls.