Whether accurate or exaggerated, claims of rampant malware apps have haunted the Android Market. Now, Google’s Android team is announcing Bouncer, a new security mechanism that should prevent bad apps from ever making it into the Market.
It’s a programmatic solution that’s allegedly good for both the goose (or users, in this case) and the gander (honest mobile developers who don’t want to wait through a lengthy application process à la the Apple App Store’s).
Bouncer, wrote Android engineering VP Hiroshi Lockheimer on the company blog, “provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.”
Lockheimer revealed that Bouncer has already been in use for a while and has led to a 40 percent drop in the number of malware downloads from the Market.
This kind of security, if it works and works well, could potentially have very positive effects for the Android Market itself and for the Android operating system’s PR issues — and yes, a lot of the FUD around Android malware is PR, not facts, generated by mobile anti-virus companies and the Apple camp.
Here’s how Bouncer works: The program analyzes new apps submitted to the Android Market as well as apps already in the Market. It also screens developer accounts. Bouncer recognizes malware, trojans, spyware, and a range of other red-flag-type behaviors.
“We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior,” Lockheimer said.
And since Bouncer crawls developer accounts as well as individual applications, it can identify repeat offenders and prevent them from introducing more bad apps into the Market.
“No security approach is foolproof, and added scrutiny can often lead to important improvements,” Lockheimer concluded.
“Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe.”