Samker's Computer Forum - SCforum.info
World TOP Headlines: => Latest Security News & Alerts => Topic started by: Pez on 07. February 2012., 08:41:12
-
There is a new guard working at the Android Market, and his job is to pat-down new apps for malware, spyware, and other threats. Google introduced the security tool, “Bouncer”, in an effort to beef up security in its app market. Do you feel safer downloading Android apps now that there’s a bouncer out front?
Android’s spirit of openness is one of the platform’s biggest selling points. It’s a come-one, come-all approach to app developers who want to get their wares out to the masses. But with such openness comes a huge liability: app security. With no roadblocks in place for developers who want to upload their apps, there’s potential for spyware, malware and other nasty apps to sneak inside Google’s mobile market.
Google wants to fight back. The company unveiled a new security service for the Android Market today that aims to auto-scan uploaded Android applications to detect potentially malicious apps more quickly, ideally before users download them. Codenamed Bouncer, the new service searches for threats without requiring any pre-approval process, continuing to keep the Market as “open” as it has always been.
“Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans,” wrote Google VP of engineering Hiroshi Lockheimer in a company blog post. “It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags.”
The new security service has already been working for the past few months. After finding an app that violates the rules — be it malware, spyware or whatever — the Android team takes the application down and bans the developer account from uploading any more apps. Further, Google continues to check new Android developer account sign-ups, so repeat offenders won’t continue to upload nasty apps under a different user name.
“Application scanning doesn’t just happen at the time of upload,” Lockheimer wrote. “We continuously analyze existing applications, too. That way, as our knowledge and technology improve over time, we can better monitor and analyze all apps in Android Market.”
In the world of mobile apps, there are certain positive aspects to cultivating a walled garden. Apple’s App Store only approves apps after putting them through a rigorous approval process, ultimately nixing apps that aren’t up to snuff for whatever reason — be they malware, or merely crappy pieces of software. In theory, this makes for a curated, quality-controlled experience inside of the app store; it’s like walking through Nordstrom’s rather than Walmart.
Google’s philosophy differs from this completely. Espousing a culture of openness, the Android Market requires no vetting process for pre-approving apps, no censor as to what sort of content can go in (unless it specifically violates the Android developer distribution agreement) and no wait times to get apps inside the market. Even the Android platform itself is built atop open source software. For all intents and purposes, it’s everything Apple’s App Store isn’t.
And Apple’s approval process can raise the hackles of those not privy to the company’s standards. Developers often grouse about the amount of time it takes to move an app through Apple’s approval process — anywhere from a few days to a few weeks — and that’s only compounded when an app is rejected and the developer is forced to resubmit it. Further, Apple’s guidelines for taste are highly subjective. In 2010, the company famously banned a comic book version of James Joyce’s Irish literature classic Ulysses for including a picture of cartoon breasts. If the same app were submitted to the Android Market, Google philosophy would essentially be, “bring on the boobs.”
At the same time, there are drawbacks to openness. The very nature of a non-vetted, open market means it is more susceptible to malicious applications, a fact often promoted by third-party security researchers. Mobile security outfit Lookout claims over $1 million was stolen from Android users in 2011 as a result of “mobile threats,” according to a report released in December.
There’s a big caveat to that stat, however. Most of the malware discovered isn’t on the official Android Market. Instead it’s uploaded to third-party alternative markets, many of which are Chinese and not easily accessible.
“The official Android Market is the smaller target,” McAfee mobile security researcher Jimmy Shah told Wired in an interview. “That’s the area we’ve seen the least malware in thus far.”
Moreover, you’re more likely to be targeted if you’re engaging in app piracy, or trying to download apps for free on third-party markets that you’d otherwise have to pay for on the official market.
“It’s like saying if you don’t want to get mugged, don’t walk into a dark alley,” Shah said.
In other words, Android Market users who keep their nose clean and steer clear of stealing apps don’t have much cause for concern. And if users are still worried about the apps they’re thinking of downloading, Shah suggests browsing the user-submitted review history found on every individual app’s market listing.
Ultimately, Google’s new services are another stopgap in keeping mobile devices safe. But if you aren’t stupid and don’t download crappy knock-off apps from unofficial sites, you’ll probably be fine anyway.
Orgianl article: By Mike Isaac Email Author February 2, 2012 | 4:09 pm | Categories: Phones, Security, Software and Operating Systems (http://www.wired.com/gadgetlab/2012/02/google-android-malware-scanner/)
-
This is excellent news, hope they will be successful... :thumbsup:
Here is Google's official statement: http://googlemobile.blogspot.com/2012/02/android-and-security.html (http://googlemobile.blogspot.com/2012/02/android-and-security.html)