In a blog post on the Google Mobile Blog, Google today unveiled a new service, codenamed “Bouncer,” that will automatically scan the Android Market for potential malware. It does this “without disrupting the user experience” and without developers having to go through an app review process. Google explained Bouncer would apply not only to newly submitted apps, but also to existing Android Market apps. As a method of stopping repeat offenders, Google will also scan for malicious apps in developer’s accounts. Here is how it works:
…once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior.
Despite the rollout of the new tool, the blog post also noted that the Android Market witnessed a 40 percent decrease in the number of malicious downloads during 2011 and discussed Sandboxing, Permissions, and Malware removal features built into Android to “make mobile malware less disruptive.”
Vice President of Engineering on the Android team Hiroshi Lockheimer talked to Cnet about the service this morning who noted Google has been testing Bouncer for a “number of months”:
“The system takes an app that’s been uploaded and runs it in the cloud and monitors what the app is doing in a virtual environment, if you will…It won’t get uploaded at all if it is an instance of known malware….It’s not like there is a rampant malware problem…Think of it as an insurance policy…to ensure that Android continues to be a safe place.”