In response to a slew of malware-infected apps on the Android Market, Google introduced Bouncer as a security mechanism to keep naughty apps at bay. But according to research from two security experts, Bouncer can easily be tricked into allowing malicious apps onto Google Play (formerly the Android Market).
Jon Oberheide, a security expert and CTO at Duo Security, will be presenting his findings alongside security researcher Charlie Miller at the SummerCon conference later this week. The pair have released a teaser video showing one method for bypassing Bouncer.
“This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its environment,” Oberheide wrote in a blog post this morning. “While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities. We’ve been in touch with the Android security team and will be working with them to address some of the problems we’ve discovered.”
Hacks like these are to be expected, especially for new security mechanisms, so we’re fortunate that Oberheide and Miller are helping Google to plug the issue. Google needs to strike a balance between offering strict security on Android apps and living up to its open ecosystem. Apple doesn’t have as many malware issues on iOS since it rules its app ecosystem with an iron fist — which is good for security, but not so much for developer flexibility.