In the recent months the amount of malware in the Android Market has continued to climb, or the reports have at least. When something gets as big and popular as Android you will always have those people looking to cheat, steal, and attack anything they can. Today Google has announced their plans and system to curb all of that. They are calling it the Android Market Bouncer — like that guy in a suit standing by the door.
This isn’t all either. Google already has multiple systems in place, from features and sandboxes built in to prevent these types of problems or information theft, to a system where they can quickly pull the ban hammer out and delete malicious apps from the market — even right off your device if severe enough. I’ve never had a malware problem myself, but some claim it is still an issue for Android.
The new Market Bouncer will work in a few ways. For one it will scan every Android Market application on Google’s cloud services and simulate it running on a device. Then check for malware or suspicious activity. And secondly, the new system will scan each app as they are introduced into the Market upon the approval process. So this will watch and protect us from new apps, and current apps that might get updated or introduce malware or suspicious activity.
Google says this will not affect the submission and approval process and works in just a few seconds — as long as your code and application are clean. What about wrongly flagged apps being removed from the market? That won’t happen either as once an application is flagged Google’s team will manually investigate the application to make sure before wrongly pulling an app or game.
I am really liking this forward thinking and positive approach to malware. What do you guys think? Google ends the security post on a good note and had this to say:
No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe.
Its about time they did something!
Forward thinking? They should have done this two years ago.
Thanks Google! I’m glad you’re doing your part to keep us safe.
And, Cory, “clime” ? Really?
lols oops
Sometimes I wonder if the writers of articles actually studied English or check what they’ve written before posting.
“not effect the submission” —- should be “not affect the submission””That wont happen” —- Should be “That won’t happen””right off your device is severe enough” —- Should be “right off your device if severe enough”This sloppy English really grates and spoils my enjoyment of Android Community news posts.
I’d like for them to offer more information when you see what the app requires in terms of features. And perhaps open up the API more so that authors who require feature X are not flagged as requiring features X+1.
I am glad they are doing this as there needs to be a system in place but with the people who are saying they should have done it sooner…you need to realize something like this takes time and I would much rather have choice in apps than the Apple way of not allowing me to change even a calendar app. So you want freedom of choice and have it locked down for security? Make up your minds! Google is trying to let you have your Ice Cream Sandwich and eat it too, have some patience.
Still, it doesn’t prevent direct update. Even if a piece of software that been check out to be completely clean by the Bouncer (that is it doesn’t send back the creator with “so called market info”. like geotagging, cookies, hidden premium calls, listening to calls & etc.)
And once it in your system sooner or later that particular app may request a direct update, these new codes of update cannot be checked by the Bouncer, because it not in the android market in the first place.
The Bouncer (and perhaps the OS itself) should completely remove the concept of direct software update or a patch up job and treat it as a compete software revision instead. e.g. If I’ve got an app called “IRcamera 1.0” and got a pop up message saying it old and require an update. The user should uninstall the 1.0 and install 2.0 from the Android Market.
There are good reasons for this since it forces the developer to be more creative with theirs codes and more “efficient”, meaning consuming less battery power, faster speed for running an app, but more importantly it easier for the Bouncer to pick up any malicious coding (I guess it similar to sandboxing security). Also, I’m sure if it true in a coding world, but like a chemistry set sooner or later hacker will create 2 or more apps where any one of these app may seem legit by the Bouncer, but once the right combination of apps were install then it become a malware?!