Google 'Bouncer' aims to protect Android Market from malware

It’s no secret that Google’s approach to managing its Android Market has left it vulnerable to malware. We’ve reported time and again (and again, and again) on nefarious apps being discovered on Google’s app store; in November, a report from Juniper Networks, a global networking infrastructure provider, reiterated that Android leads the field as the mobile platform most affected by malware, claiming that the blame for this rests primarily with Google and its questionable app curation policies.

However, in a Google Mobile Blog post today, Android’s VP of Engineering, Hiroshi Lockheimer, revealed that the company has actually been working behind the scenes for some time on protecting the Market from malicious programs, with what it refers to as a "new layer to Android security" in the form of an automated monitoring service, codenamed 'Bouncer'.

The system scans submitted software, analysing it in order to detect malware, spyware, trojans and other security threats, comparing it with previously red-flagged apps. Bouncer can also analyse app behaviour, again comparing it with the functions and activities of previously identified malware. Existing apps on the Market, and developer accounts, are also tracked and analysed by the system, and each app – old and new – is subjected to a full automated simulation using Google’s cloud-based infrastructure, so that each of the app's functions can be tested and assessed.

Google hasn’t revealed exactly when Bouncer was introduced, but it claims that there was a 40% reduction in malware on the Market between the first and second halves of 2011. Lockheimer acknowledges that this apparently conflicts with third-party reports claiming that malware on Android is on the rise, although he also notes that the people behind such reports tend to be those that are trying to sell anti-malware and security software, implying that they have a vested interest in painting a more negative picture of Android’s security landscape.

Lockheimer underlines Google's certainty that the number of infections sourced from the Android Market has in fact fallen dramatically. This would appear to suggest that the claimed increase in Android malware infections could well be occurring through sideloaded software or via third-party app stores, which are outside of Google’s control.


26 Comments


Hard to believe that an operating system which doesn't boast about this kind of stuff and can admit fault or weakness is now being targeted for this kind of accusation. Get a grip on reality sunshine, if people want to, ANY OS is vulnerable, end of story. So while you sit there and mock Android, probably ushering in your own age of proving something else is better, which it could very well be, why don't you just see it as this is how an OPEN based community is, bad or good points. Security of Data is the most important thing, but you can't just build a Fort Knox without having problems, and don't you worry these sort of people wake up the developers to get their hats on and do something about it, which we know with Google, will be done.

Shahrad said,
Hard to believe that an operating system which doesn't boast about this kind of stuff and can admit fault or weakness is now being targeted for this kind of accusation. Get a grip on reality sunshine, if people want to, ANY OS is vulnerable, end of story. So while you sit there and mock Android, probably ushering in your own age of proving something else is better, which it could very well be, why don't you just see it as this is how an OPEN based community is, bad or good points. Security of Data is the most important thing, but you can't just build a Fort Knox without having problems, and don't you worry these sort of people wake up the developers to get their hats on and do something about it, which we know with Google, will be done.

iOS spent way more time on market than the droid but the latter has waaay more security problems - and in the case of these two you can't blame extremely different market shares

google's management is just non-existent... i don't deny that the android police works well and fast but that's damage control not prevention; and when you have a large market share like the droid and customers who think smartphone == touchscreen you have a pretty enormous responsibility

if an open based community approach can't handle the pressure of today's markets' security issues then it's a failed approach and should be re-engineered

Morden said,

iOS spent way more time on market than the droid but the latter has waaay more security problems - and in the case of these two you can't blame extremely different market shares

google's management is just non-existent... i don't deny that the android police works well and fast but that's damage control not prevention; and when you have a large market share like the droid and customers who think smartphone == touchscreen you have a pretty enormous responsibility

if an open based community approach can't handle the pressure of today's markets' security issues then it's a failed approach and should be re-engineered

How can you say it's failed when it hasn't been developed as much as a commercial approach. If that was the case I'm sure technologies you use would have gone under just because some company did it better. Through time they showed their effectiveness, so I'm sorry but Android being out for x years less than Apple doesn't mean it can't be the RIGHT way to go

Shahrad said,

How can you say it's failed when it hasn't been developed as much as a commercial approach. If that was the case I'm sure technologies you use would have gone under just because some company did it better. Through time they showed their effectiveness, so I'm sorry but Android being out for x years less than Apple doesn't mean it can't be the RIGHT way to go

of course it means that, even they acknowledge that by "inventing" this bouncer thingie... the model google made IS failed, the continuously appearing security problems are great proof of this

Morden said,

of course it means that, even they acknowledge that by "inventing" this bouncer thingie... the model google made IS failed, the continuously appearing security problems are great proof of this

Not sure if you know what you're talking about... the "continuously appearing security problems" are malware appearing on the Android Market, not security flaws in the OS itself (though there have been security exploits in the various mobile OSes, otherwise there would not be any root/jailbreak).

It's like saying that Windows (and OS X, and all the other desktop OSes) are a failed model because people click on random links in emails and download random programs that are malware and accept the UAC prompt in Windows, or type in their username/password on OS X to grant the malware administrator privileges.

Of course, you can blame Google for not checking every single app that enters the Market. But I know the nature of the Android Market, and, just like when downloading programs on my Windows computer, I don't randomly download any app that comes in (more so that Android tells you what permissions the app needs - and you should be suspicious when that wallpaper app wants to make calls). Definitely non-techy users might not know how to interpret these "signals" for themselves, but I'm guessing all Neowin readers do.

The downside of the Apple approach is that the App Store is completely sealed out to apps with interesting functions all those Android apps that need root access. And note that the App Store filtering isn't foolproof either. The human and automated checks have missed several apps thus far.

Of course, all these only work for those who read and understand the model (so I'm not saying that there's no advantage to the Apple model, there is) - but think about it: the Android Market is like a flea market - get a lot of things, but some of them probably don't work well. Compared to the App Store, which is like, perhaps, a department store. You'll find some special things at a flea market you can't find at the department store, but you'll also get some duds if you're not careful.

Do they really have to say "ZOMG WE SCAN FOR MALWARE"? I mean, isn't it totally logical that a company should do this? And they're even naming it? o.o

Don't see me as a troll, I'm an Android user myself.

Coi said,
Do they really have to say "ZOMG WE SCAN FOR MALWARE"? I mean, isn't it totally logical that a company should do this? And they're even naming it? o.o

Don't see me as a troll, I'm an Android user myself.

Yes, but shouldn't they defend themselves when companies come out with skewed reports claiming "ZOMG ANDROID SHATTERS MALWARE RECORDS"?

Coi said,
Do they really have to say "ZOMG WE SCAN FOR MALWARE"? I mean, isn't it totally logical that a company should do this? And they're even naming it? o.o

Don't see me as a troll, I'm an Android user myself.


It's probably in light of recent reports about malware on the rise. Google feel it's time for a statement on this, just so people don't think they aren't doing anything.

Coi, you're absolutely right that it's a logical and rational assumption that Google would be using technology like this; I think that's a very reasonable point. But the fact that Lockheimer specifically calls out a 40% reduction between the first and second halves of 2011 appears to imply that Bouncer was introduced somewhere in the middle of last year. There's certainly no hint on Google's part that it's been in use since the Android Market launched in late 2008; all they've said is that "it's not new".

Even if we give them the benefit of the doubt and assume that they introduced it a bit earlier than mid-2011, there was still a considerable amount of time when Bouncer was clearly not in use, which enabled malware, spyware and other threats to proliferate undetected.

The fact that those threats became so prevalent on the platform is precisely the reason that Google now has to go out of its way to declare "ZOMG WE SCAN FOR MALWARE" etc.

For years, all we heard was people complaining about how insecure Microsoft software was. How easy it was to get viruses, trojans, and the like onto a MS is. How they didn't care about security. How, by adding features it allowed apps to get to, and transfer a user's personal information to hackers.

With Android we have Google selling apps, making a profit from apps, and encouraging people to install apps that are viruses, trojans, etc. Google proudly proclaimed they were internally moving off of Windows because of the security problems, while running their own malware distribution system. Months later they decide to run a virus scanner, and hopefully catch some of the problems.

So tell me, where are the people who were complaining about MS's security now? Why are those people not demanding better security from Google? Why are they not demanding google stop adding features and start adding better security? The biggest group of people who were/are complaining about MS, the OSS group, are the ones who trumpet the exact cause of these problems, the openness of Android.

Shadowzz said,
also haven't heard linux fanboys scream that linux never gets a single virus for over a year already it has its upsides too

How has that got to do anything with this article?

recursive said,

How has that got to do anything with this article?

Because Android is based upon Linux. The major selling point of Android was that it was based upon Linux, which made it great, wonderful, and would finally usher in the year of Linux.

Also, remember everyone, making a comment that may not be directly related to a post, recursive will complain about it. When the article about 70,000 apps in the WP7 Marketplace is published, all the people that comment about how many apps are in the Apple App store or how many viruses, er, apps are in the Android store, recursive will complain. When there is an article about the sales of WP7, and people talk about how many iPhones or Android devices are activated per day, recursive will complain. When people talk about how much better a competing OS is to Windows, recursive will complain. He doesn't like those kind of comments, and he will be fair to all competing products.

Shadowzz said,
also haven't heard linux fanboys scream that linux never gets a single virus for over a year already it has its upsides too

A virus is something that uses the body's cells to reproduce and function. A computer virus injects itself into as an example a dll file and executes code that way (hence the name Virus).
Android does not have viruses. You cannot install software on Android without the user accepting the install and it cannot inject itself into programs or giving it super user rights (rooting required). Sandboxing anyone? It's called malware so the "Linux doesn't have virus" statement still stands.

Karanlos said,
...the "Linux doesn't have virus" statement still stands.

While I wholeheartedly agree, you are arguing semantics. It's like saying, "I don't have the flu, it's just a strong cold."

Intrinsica said,
While I wholeheartedly agree, you are arguing semantics. It's like saying, "I don't have the flu, it's just a strong cold."

Yet there's a big difference between a common cold and the influenza.

That might be just semantics but it's still important to teach people the difference between a virus, a trojan, a worm, spyware, keyloggers, phishing, hacking and such.

Malware is a generic term. About anything is malware these days. I would personally consider PowerDVD as malware

Karanlos said,

A virus is something that uses the body's cells to reproduce and function. A computer virus injects itself into as an example a dll file and executes code that way (hence the name Virus).
Android does not have viruses. You cannot install software on Android without the user accepting the install and it cannot inject itself into programs or giving it super user rights (rooting required). Sandboxing anyone? It's called malware so the "Linux doesn't have virus" statement still stands.

But there are viruses for Linux, you don't have to go further than the Wikipedia article for Linux Malware to find a couple of known viruses listed among the other types of malware.
Android however operates a bit differently when it comes to its apps so I don't think any Android malware could ever be classed as a virus (not completely sure, not educated enough in Android and its inner workings) but a piece of malware must be able to replicate and spread between devices to be classified as a virus.

@LaP, indeed, the word virus is used far too often when people talk about computer malware seeing as how viruses got to be the least common form of malware at this point.

"Google hasn't revealed exactly when Bouncer was introduced, but it claims that there was a 40% reduction in malware on the Market between the first and second halves of 2011."

Doesn't make it seem any more secure…

Rosyna said,

Doesn't make it seem any more secure…

Based on what? The 13 "trojans/malware" Symantec mistook in the Android Market?

That's the cost of an open market vs the Apple closed market where they maintain God-like control over their apps and what's submitted / allowed.

Tim Dawg said,
That's the cost of an open market vs the Apple closed market where they maintain God-like control over their apps and what's submitted / allowed.

Yes but remember even the 'God-like' app garden that Apple has created has its own talking snakes