Google has been using a home-grown tool to scan mobile applications as a way to prevent its Android Market from becoming fertile ground for malware spread, the tech giant announced Thursday.
Known as "Bouncer," the service studies new and existing applications, looking for anomalies that could signal a program that is up to no good.
"We actually run every application on Google's cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior," Hiroshi Lockheimer, Android's vice president of engineering, wrote in a post on the Google Mobile Blog. "We also analyse new developer accounts to help prevent malicious and repeat-offending developers from coming back."
Lockheimer credited Bouncer with lowering the number of "potentially" malicious downloads in the Android Market by 40 percent, between the first and second half of 2011. It is unclear why Google waited so long to announce the new service.
He admitted that Google's findings run counter to what many security firms have been saying, including a recent report from Juniper Networks, which found that malicious Android samples have spiked 472 percent since July, And a 2012 prediction report from Lookout Mobile Security, which makes Android security products, said more than $US1 million was stolen from Android users last year due to mobile threats, and that the annual malware-encounter rate has increased to four percent.
In November, a Google engineer, in a personal blog post, shrugged off suggestions that the Android operating system wasn't secure.
This article originally appeared at scmagazineus.com
Copyright © SC Magazine, US edition
Issue: 335 | January/February 2015
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.