Google has just revealed a new security system for the Android Market called Bouncer. They made it last year, and it has already been running for a number of months, making sure that there are no malware-infested applications in the Android Market. Here’s how Bouncer actually works:
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.
If you caught that last part, it says they are running every single application from the Market on their own cloud systems (much like Amazon demos their Android apps, I believe, but just on the back-end and done automatically). This way they get to check every application that exists in the Android Market for malware.
According to Google, malware reports have already dropped by 40% in 2011 for the Android Market. This is an important distinction, because according to Google (and what I’ve always believed, too) the security companies that want to sell their own “anti-virus” applications are mostly talking about malware that exists in apps outside the Android Market.
This includes apps you find on pirated sites, apps that exist in other “app stores”, like, say, the ones in China, and so on. Google is always looking to improve Android’s security, and Android is already a very secure OS compared to, say, Windows for most of its lifecycle. Ultimately, though, if you decide to get an application from outside their own Market, and from an untrusted source, then there’s little blame you can put on Google for that, and you just need to be more careful with what you’re installing. Freedom to install anything you want from anywhere comes with a price – and that price must be paid in responsibility and vigilance.