Forgot your password?
typodupeerror
Android Cellphones Google Security Software

Google Starts Scanning Android Apps 172

Posted by timothy
from the bender's-job-between-seasons dept.
eldavojohn writes "A recent blog post has Android developers talking about Google finally scanning third party applications for malware. Oddly enough, Google claims this service (codenamed 'Bouncer') has been active for some time: 'The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market. This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise.' So it appears that they allow the software to be sold even before it is scanned and it also appears that no one has been bitten by a false positive from this software. Apparently Bouncer is not as oppressive as Apple's solution although given recent news its effectiveness must be questioned. Have any readers had their apps flagged or pulled by Bouncer?"
This discussion has been archived. No new comments can be posted.

Google Starts Scanning Android Apps

Comments Filter:
  • Does that mean that app like ROM manager or Titanium Backup will be wiped away, considered as viruses because they need root access to work ?

    • by Monchanger (637670) on Friday February 03, 2012 @10:50AM (#38914725) Journal

      Not likely. FTA:

      Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware, and trojans. It also looks for behaviors that indicate an application might be misbehaving and compares it against previously analyzed apps to detect possible red flags.

      That's a pretty good description of proper scanning for bad code. As TFS stated, this isn't the Apple paradigm where they want to control their users. The purpose is to maintain a profitable marketplace and platform by protecting users who keep hearing about Android malware.

      • by Aladrin (926209)

        I think the most important part is actually "possible red flags". This automatically scans, but doesn't seem to automatically ban.

        • Good catch. But note that "possible red flags" appears in the second part of the quote (after "also looks for"), which discusses only the case where the scanned app shares a similarity to other apps of concern- those potentially containing unknown malware.

          The way I read it is if known malware is detected, it could/should be automatically blocked. But sharing "similarity" with other applications would be a second category which may require more analysis before getting blocked.

  • by Anonymous Coward on Friday February 03, 2012 @10:36AM (#38914533)

    ...a more fine-grained security model and a firewall to android?

    I understand it's a problem for Google if users can suddenly notice how much
    is transferred to Google but I think it's the only way to go in the end.

    • by Terrasque (796014)

      ..a more fine-grained security model and a firewall to android?

      Well, it is rather fine-grained. Especially when compared to the other smartphone market leader. But yeah, there are some things that could be done better.

      And regarding firewall:
      1. Google release firewall
      2. Users start blocking ad servers
      3. World goes under

      • by gl4ss (559668)

        it's pretty generalistic when compared to market leader j2me(by numbers, don't argue). it's also a lot less "in your face" though. who the fuck wants to press yes 6 times to create a file?

        thing is, what would be needed would be the option to allow/disallow actions when they happen(with "allow always" "allow for a day" etc options) - not at install time. and for example if it's sending a sms, show where it's sending it when asking for permission - and for each app there could be a option to view their securi

        • by swillden (191260)

          it's pretty generalistic when compared to market leader j2me(by numbers, don't argue)

          I'll argue. J2ME barely shows in the smartphone market. Dumbphones aren't relevant to a conversation about platforms that support user-downloadable third-party applications.

          thing is, what would be needed would be the option to allow/disallow actions when they happen(with "allow always" "allow for a day" etc options) - not at install time. and for example if it's sending a sms, show where it's sending it when asking for permission - and for each app there could be a option to view their security log from app manager.

          I posit that would reduce security, not enhance it. It's difficult enough to convince users to take the time to read the permissions they're granting during installation. Later popups would quickly train users to just dismiss any security prompts, especially because they would come up at a moment when the user is, presumably, trying

          • by Hentes (2461350)

            I'll argue. J2ME barely shows in the smartphone market. Dumbphones aren't relevant to a conversation about platforms that support user-downloadable third-party applications.

            The whole point of JME is to support user-downloadable third-party applications. JME was also supported on smartphones, for example on Symbian.

      • by iluvcapra (782887)

        Protecting ad flow is the new DRM :O

    • Android is the only smartphone with fine grained security. Applications only have as much access that is granted to them when you download the application.
      • by wvmarle (1070040)

        Unfortunately it's grant-all basis only. As in app requests a bunch of permissions, and you can not deny one or two of those requests. You must grant them all, or deny (and not install the app). It is only fine-grained as in there are many different, well-defined permissions an app may request. And of course the good thing is that they're all listed when you install a new app, and you're re-requested to give permission if this changes in an upgrade.

        But there are issues. I have a 4-in-a-row game on my phone,

        • by idontgno (624372)
          A privileges-control software package like LBE Privacy Guard purports to control individual app access to distinct individual permissions. I use that app, and it seems to work, but if it leaks access, I'm not certain I'd be able to tell, so YMMV.
    • There already is a firewall in android, it's built in the kernel, and just needs a frontend.
      Personally, I use DroidWall as a frontend for iptables. Is free and works great.
      The funny thing is, I use it mainly to restrict data from leaving my phone, since a lot of apps nowadays insist on having internet access, and can't be trusted with my personal data. A nice side effect of this is that is also blocks ads.
      • by thegarbz (1787294)

        The problem is the damage that can be done to a phone that does not involve an IP connection.

        How about a firewall that prohibits all interstate and international calls? Or stops SMS text messages for all except a few selected apps? The idea of a firewall is really outdated and limited when you're talking about the security of a mobile phone. Many of the phone based scams will sign you up to subscription services via the telephone, not via the internet.

        +1 on Droidwall though, it works great.

    • by mattr (78516)

      Seriously. I was recently looking to install a firewall on my HTC Evo 4G. The apps I found all had tons of useless crap and the firewall portion requires root. I don't want to root my device since I get no support anymore then. In fact I submitted a bug (.Mail folder redownloads all attachments until >1GB in size) and they tried to weasle out when they thought it was rooted.

      I had some hopes for Moxie Marlinspike's WhisperMonitor.. not sure if it requires root but probably does. I can't tell because Twitt

    • by Hentes (2461350)

      The problem is that even if they did it would take years for the hardware manufacturers to catch up. Many problems with security are fixed but most Android phones still lag 2 versions behind.

  • Now? (Score:4, Interesting)

    by C_Kode (102755) on Friday February 03, 2012 @10:36AM (#38914535) Journal

    You figured something like this would have been in place from day one. Let's sell apps, but not worry about if they are loaded malware or viruses. /facepalm

    • I made all kinds of assumptions about the way that these app stores are run in the early days. That they'd not only scan for malware but even inspect the source.

      But no, turns out that with both Android and iOS, you get the freedom of a walled garden with the safety of a sketchy warez site.

      • by Dishevel (1105119)

        Android has no wall.
        You can download from Google, or any place else.
        No walled garden needed.

    • by Dishevel (1105119)

      Forgive my squirrley ignorance.
      But as to you signature.
      Is it not written on the sacred scrolls that all Muds should be written in C?

  • by efriese (681859) on Friday February 03, 2012 @10:59AM (#38914863)
    • by webheaded (997188)
      Well to be fair that's only 1 type and that particular one in the article there is actually pretty borderline malware. Applications that do what this this article describes, to me, seem like malware. It switches your browser settings and adds shortcuts to your desktop. That's kind of ridiculous. I'm not a fan of Symantec...but in this particular case, I don't really think they were in the wrong.
    • by Hatta (162192)

      Adware is malware.

  • by Anonymous Coward

    So it appears that they allow the software to be sold even before it is scanned and it also appears that no one has been bitten by a false positive from this software.

    Why does it 'appear' that they allow the software to be sold even before it is scanned? It could be true but it doesn't seem to follow from anything else that was said. It sounds as if it scans items that "are in the market" but that doesn't necessarily mean they aren't scanned before they go into the market, just that they continue to be scanned as the scanning techniques improve/change.

    Why does it 'appear' that no one has been bitten by a false positive? I don't see anything that could lead to that conclu

    • by gl4ss (559668)

      because nobody's bitched about it on any dev forums? vs. the amount of people who have bitched about being pulled from apple store with a legit app.

      "it appears" is there exactly for that it's just appears so, that it might not be so, but for he time being it seems so.

Work without a vision is slavery, Vision without work is a pipe dream, But vision with work is the hope of the world.

Working...