Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Adds New Layer to Android Security

Google Highlights Security Processes for Android, Adds New Layer of Security

On Thursday, Google outlined a few of their processes for protecting users and securing the Android Market. In addition, they highlighted some interesting facts, which seem to place the rash of mobile risk reports being pushed by security firms into perspective.

Google Highlights Security Processes for Android, Adds New Layer of Security

On Thursday, Google outlined a few of their processes for protecting users and securing the Android Market. In addition, they highlighted some interesting facts, which seem to place the rash of mobile risk reports being pushed by security firms into perspective.

It’s no secret that malware exists on the Android platform, and as more and more smartphones enter the market leveraging Google’s platform, the attack surface will grow – presenting an attractive target to criminals. It’s already happened in fact, as Google says that device activations for Android grew 250% last year. Application-wise, the Android Market topped 11 billion downloads. It’s only going to get bigger.

Android SecurityWith that said, Google knows that Android’s popularity and usage is only going to grow, and security companies have already started a full court press when it comes to warning business leaders and users about the risks associated with mobile device usage. However, Google is working to deal with that problem, and according to them it’s not as bad as it seems, but it’s far from perfect.

“The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market,” wrote Hiroshi Lockheimer, the VP of Engineering for Android, on the company’s blog.

“This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise. While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market – and we know the rate is declining significantly.”

So how is Google protecting the Android Market and end users? They have a bounder that deals with malicious applications. The application checker does more than screen IDs, it actually checks the code submitted to the Android Market.

“Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware, and Trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior,” Lockheimer explained.

In addition, existing applications are checked, and this layer of security rests on top of the ability revoke malicious applications that have already been installed by an end user, wiping them from a given device.

After that, sandboxing still plays a role in protection, as well as clearly marked permissions warnings, which alert the user to what the application itself is able to control and access.

“No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe,” Lockheimer concluded.

Related Reading: Mobile Malware Madness: The Changing Mobile Threat Landscape

Related Reading: Separating Fact from Hype on Mobile Malware

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...