Opinion

Will Google Bouncer definitely remove all malware from the Android Market?

Will Bouncer be effective in
addressing the malware problems with Android apps?

First of all, this is a good and
really necessary move by Google; however, the solution will
be only partial. Based on the public information about this
service, all apps will be scanned for known malware. Basically
that means a multi-scanner or something similar will be used, so
the quality of malware detection will depend greatly on which AV
engines Google uses to analyze apps. Not all AV engines have
the same quality, so there is a possibility some malicious apps
won’t be detected as malicious. The second step offered by Google
is emulation. It’s a good approach; however, it can also be cheated
by anti-emulation tricks, or a malicious app can be programmed to
behave differently once emulation is detected, making the app
appear to be non-threatening. So, basically the same malware
tricks used to bypass Windows security can now be implemented on
Android.



Is it still a good idea to use a
mobile security program for protection even with Bouncer in place?

Yes, for sure it’s a good idea.
Many people download apps not only from the
official Android Market, but also from third-party sources.
Nobody knows for certain what kind of apps are out there on
private market stores, run by people not affiliated with Google.
Additionally, as we mentioned, if Google’s multi-scanner relies
on only some AV engines rather than all of them, it’s certainly
good to use AV detection on your phone as a second opinion for
anything that might have slipped past Google’s scanner.



Are there ways for hackers to sneak
infected apps into the store despite Bouncer?

Yes, and one of them is by hacking
well-known and trusted developers’ accounts. In fact I believe
that will happen in the near future. I say this because Google
says it will check all new developer accounts. If a developer is
already known and trusted by Google, that developer account will
be a prime target for cybercriminals. Also, even though we haven’t
seen it happen yet, we know cybercriminals can start developing
apps that work differently in specific geographic zones. For
example, an app could be designed to only behave maliciously if it
detects a Latin American carrier; if the same app is used with a US
carrier, no malicious behavior will be detected. That’s also an
anti-emulation trick which can be exploited by cybercriminals in
order to avoid Bouncer detection.
