Will the Bouncer be
effective in addressing the malware problems with Android apps?

First of all, this is a good and
really necessary move Google is taking; however, the solution will
be only partial. Based on the public information around this
service, all apps will be scanned for known malware. Basically
that means a multi-scanner or something similar will be used, so
the quality of malware detection will depend greatly on what AV
engines Google will use to analyze apps. Not all AV engines have
the same quality, so there is a possibility some malicious apps
won’t be detected as malicious. The second step offered by Google
is emulation. It’s a good approach; however, it can also be cheated
by anti-emulation tricks, or a malicious app can be programmed to
behave differently once emulation is detected, making the app
appear to be non-threatening. So, basically the same malware
tricks used to bypass Windows security can be implemented now on

Is it still a good idea to use a
mobile security program for protection even with Bouncer in place?

Yes, for sure it’s a good idea.
The situation is that many people download apps not only from the
official Android Market, but also from third-party sources.
Nobody knows for certain what kind of apps are out there on
private market stores, run by people not affiliated with Google.
Additionally, as we mentioned, if Google’s multi-scanner won’t count
on all AV engines but only some of them, it’s certainly good to
use AV detection on your phone as a second opinion for anything
that might have slipped past Google’s scanner.

Are there ways for hackers to sneak
infected apps into the store despite Bouncer?

Yes, and one of them is by hacking
well-known and trusted developers’ accounts. In fact, I believe
that will happen in the near future. I say this because Google
says it will check all new developer accounts. If a developer is
already known and trusted by Google, that developer account will
be a prime target for cybercriminals. Also, even though we haven’t
seen it happen yet, we know cybercriminals can start developing
apps that work differently in specific geographic zones. For
example, an app could be designed to only behave maliciously if it
detects a Latin American carrier…if the same app is used by a US
carrier, no malicious behavior will be detected. That’s also an
anti-emulation trick which can be exploited by cybercriminals in
order to avoid Bouncer detection.