Feb 3, 2012
Google has announced some new security measures to help improve the integrity of software on the Android Market, and to prevent the spread of malicious software. This service called Bouncer is now running on Google servers, scanning for malware being uploaded to the Android Market. It does this by scanning for currently-existing malware, spyware, trojans in apps being uploaded. Google claims that all apps uploaded to the Market are run on their cloud infrastructure in order to simulate what the app will do on an Android device in order to try and determine any negative effects an app will have.
While it would have difficulty detecting new forms of malware being created, Google claims a degree of success with Bouncer: malware has decreased on the Android Market by 40%. This is cheekily included next to a mention that providers of anti-malware software are claiming that the amount of malware on the Market is increasing. This appears to be true based on Google’s claim though – as they claim a 40% decrease in “potentially-malicious downloads from Android Market” while device activations increased 250% year-over-year. So, more malware may be making its way to the Market, but Google is decreasing the rate of malware on the store.
Naturally, this is something that iOS proponents will harp on Android as being something where the malware rate on the App Store is nearly zero. This is a trade-off on Android: apps have more power and permissions in exchange for some decreased security conditions. It’s part of Android, and as Google claims – apps have to list their permissions on the Market, third-party software must be prompted to install on a device before having negative effects, there is a degree of sandboxing on the device, and Google can kill malware on users’ devices remotely. This is superior to most any desktop platform experience, still, and at least Google is trying to take steps to show that the Market is not just the Wild West that some would make it out to be.