Saturday, 4 February 2012

Google rolls out Bouncer to scan malware

Google Inc has been quietly policing its online store for months now in an acknowledgement of malware's growing threat to its increasingly popular Android mobile software. 

The new sheriff in town is Bouncer: a security service Google put in place to scan new apps as developers load them onto Market, its applications store. 

Bouncer sweeps apps for potentially malicious behavior and also analyzes new developer accounts to prevent "repeat-offenders" from distributing their wares, Google says. Those heightened efforts are paying off, it added. 

"While it's not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market - and we know the rate is declining significantly," Hiroshi Lockheimer, a vice president of engineering at Google's Android unit, wrote in a blog post Thursday. 

With the implementation of Bouncer, Google noticed a 40 percent drop in the number of "potentially malicious downloads" from Android Market at a time when the proliferation of malware was beginning to become a problem, according to Lockheimer. 

Lookout, a security research firm, published a report in December estimating that more than $1 million had been stolen from Android users in 2011 as a result of malicious software downloads, and said that figure could rise dramatically. 

Lookout's cofounder, Kevin Mahaffey, lauded Google's moves. 

"It is great that Google is working with the Android community to provide an alternative to a manual curation process, allowing developers to innovate quickly while also increasing the baseline level of security for Android users," Mahaffey said. 

Bouncer marks a new direction for Google, which until now has trumpeted its laissez-faire approach to managing the apps market - as opposed to Apple Inc, which famously subjects apps to a rigorous evaluation process before they can be downloaded. 

The freedom of the Android market - and developers' preference for its openness - has helped boost the platform's swift growth and sharpen its competition with Apple's iOS mobile platform. In December, less than three years after it was launched, Android Market reached 10 billion total downloads. 

"The reason that Android is kind of cool is you can do anything you want and there's no overlord," said Charlie Miller, a security consultant with Accuvant who made news last year when he smuggled malware onto Apple's App Store to demonstrate its vulnerability. 

"But Google is doing the smart thing," Miller said, "Malware was getting to be a bit of a problem and it's better to take care of it now instead of letting get out of control."

No comments:

Post a Comment