In response to recent reports that malicious apps may have made their way into the official Android Market, Google has responded by announcing a new program to more proactively scan the Market and developer accounts for seemingly malicious apps and highlights and/or remove them before users experience trouble.
Traditionally, the barriers of entry for developers in the Android ecosystem have been low to get their apps placed in the official Market. This was by design, allowing Android to sprint past other smartphone platforms in adoption rates, since many apps that users wanted were likely to be there before they hit other platforms. The downside is that app authors choosing to bundle malicious, or borderline malicious apps had an easier time with distribution.
By contrast, the iPhone ecosystem represented a more closed, vetted, and more expensive environment for developers to launch their apps. This resulted in steady growth, but the more rigid process of an app making it to their official App Store deterred the more unsavory app developers from spending the extra effort to circumvent controls. In short, it was easier to spread bad things, or borderline bad things on the Android smartphones.
The new effort, called Bouncer, aims to silently scan the marketplace for rogue and borderline apps, largely transparently to the user. When a new app upload is attempted by the developer, Bouncer will do a preliminary scan to determine whether it acts malicious, or borderline.
Hiroshi Lockheimer, VP of Engineering, Android, explains in his blog on the subject that the effort “provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.”
Bouncer aims to run each app in a simulated cloud-base environment to watch for malicious activity. It will also scan for changes in existing apps. If it detects an app has changed, it will red flag it for scanning, keeping existing apps (hopefully) more malware-free. Additionally, developers exhibiting a pattern publishing malicious apps may be blacklisted. Is it working? In the second half of 2011, Mr. Lockheimer says “we saw a 40% decrease in the number of potentially-malicious downloads from Android Market,” so progress seems positive.
With an estimated 11 million apps available for Android, and a year-over-year growth rate of 250% according to Mr. Lockheimer, there’s a lot of scanning to be done. But this also speaks toward the success and ubiquity of the platform, and perceived value to users. In that department, Android has done quite well indeed.
Author Cameron Camp, ESET