Google's Bouncer scans the Android Market for Malware
Google has apparently been scouring the Android Market in search of malicious applications since 2011. Writing on the Google Mobile Blog, Hiroshi Lockheimer, VP of Engineering, Android, explained that an automatic service named "Bouncer" also analysed new apps submitted to the market for trojans and spyware.
Bouncer runs each app in a simulated environment on Google's cloud infrastructure and simulates how the app will be run on an Android device. During this run, it is examined for malicious but hidden behaviour. In 2011, Google acquired the German security vendor Zynamics, but it is unclear whether Zynamics technology is in use in the Google malware scanning. Developer accounts are also analysed in an attempt to block developers who regularly submit malicious applications into the store.
According to Lockheimer, between the first and second half of 2011 there was a 40% drop in the number of "potentially malicious downloads from the Android Market". He notes that this decrease comes at the same time that "companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise" and suggests that the metric of number of downloads is a more accurate indicator of the impact of malware authors.
Talking with TechCrunch, Lockheimer went further, saying that "There’s this impression that Android is a huge target for malware, and I really don’t think that’s the case". Even AV vendors can't agree what counts as malignant software now. Recently, Symantec warned of thirteen infected apps in the Market which competitor Lookout classed as aggressive adware.
(djwm)