In response to a slew of malware-infected apps on the Android Market, Google introduced Bouncer as a security mechanism to keep naughty apps at bay. But according to research from two security experts, Bouncer can easily be tricked into allowing malicious apps onto Google Play (formerly the Android Market).
Jon Oberheide, a security expert and CTO at Duo Security, will be presenting his findings alongside security researcher Charlie Miller at the SummerCon conference later this week. The pair have released a teaser video (below) showing one method for bypassing Bouncer.
“This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its environment,” Oberheide wrote in a blog post this morning. “While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities. We’ve been in touch with the Android security team and will be working with them to address some of the problems we’ve discovered.”
Hacks like these are to be expected, especially for new security mechanisms, so we’re fortunate that Oberheide and Miller are helping Google to plug the issue. Google needs to strike a balance between offering strict security on Android apps and living up to its open ecosystem. Apple doesn’t have as many malware issues on iOS since it rules its app ecosystem with an iron fist — which is good for security, but not so much for developer flexibility.