Meet Google's Tool for Jettisoning Android Malware, Dubbed "Bouncer"

by Sam Dean - Feb. 03, 2012Comments (1)

If you're an Android user, you've no doubt seen the daunting recent reports about spikes in malware found in applications on Android Market. For example, late last year Juniper Networks reported a 472 percent increase in Android malware samples seen since July 2011. The company blamed the rise in malware on "no upfront review process" in Android Market (as opposed to the stringent review process at Apple) and other problems. Now, Google has confirmed that it is scanning applications in Android Market for malware, and is squarely focused on using technology solutions to police the problem.

Hiroshi Lockheimer, vice president of engineering for Android, said in a blog post:

"Today we’re revealing a service we’ve developed, codenamed Bouncer, which
provides automated scanning of Android Market for potentially malicious
software...The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back."

You've gotta love the name: Bouncer. Google also reports that its own analyses of Android malware trends show it decreasing:

"The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market."

So the prevalence of malware depends a lot on whose numbers you believe. That said, one of the real issues here is that Google needs to make clear that it has a policy and a strategy for attacking the Android malware problem if the company ever hopes to win over security-minded IT departments.

Many IT administrators still view Android as an untrusted platform. That's true even as Android promises to overtake Apple's iOS in terms of interest from application developers. Many people who work in large organizations where they are subject to the rule of two-fisted IT departments are already very familiar with being restricted from using Android phones and devices. With Bouncer, and a technology-centric strategy for addressing the malware problem, Google may be able to reverse Android's fortunes among business users.