Security Experts:

Google to Scan Third-party Android Applications On Devices

Earlier this year, Google introduced Bouncer, a security measure that scans applications for maliciousness as they are uploaded to Google Play. It isn’t a foolproof security model, but it helps. Google is now extending that functionality and placing it on the mobile device itself, according to reports.

When Bouncer checks applications as they are submitted to Google Play, they are simply scanned and run in virtual environment in order to determine if they are performing any shady acts. In addition to scanning them as they are uploaded, Bouncer also scans apps already included in the repository. Bouncer isn’t flawless however, and there have been cases where malware has bypassed its checks.

Another way for criminals to bypass Bouncer’s protections is to place the applications in third-party app stores. When it comes to malware and other Android-based threats, a majority of those problems originated from external marketplaces – where pirated apps are housed and where anything goes as far as development.

According to JR Raphael, a blogger for Computerworld, Android 4.2 has a new security feature that will address this issue. Google has implemented a security measure into the new OS, which if enabled by the user, checks apps in real-time for malicious code. The new system checks for problems locally, augmenting Bouncer’s remote checking, but its focus is centered on apps installed from third-parties.

The checking is opt-in, so it must be enabled to work. However, one it is activated, then the APK signature of a given application is sent to Google, who in turn checks that signature against a list of known malicious applications.

Android VP of Engineering Hiroshi Lockheimer told Raphael in an interview that Google has “a catalog of 700,000 applications in the Play Store, and beyond that, we're always scanning stuff on the Web in terms of APKs that are appearing.”

It’s a simple additional layer of protection, but a useful one since Google keeps tabs on malicious apps thanks to their ties to the security community. If the app is safe, then it runs as expected, if the app raises a red flag or two, then the user is given a visual warning. Yet, if the APK signature matches one known to be malicious, installation is blocked.

As for other protections in the latest build of Android:

“...last but not least, Android 4.2 has an added behind-the-scenes feature that alerts you anytime an app attempts to send a text message that could cost you money. If an app tries to send an SMS to a known fee-collecting short code -- a number that'd automatically bill your carrier when it receives a message -- the system jumps in and alerts you to the action. You can then opt to allow or deny the process,” Raphael wrote.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.