Opinion

Will Google Bouncer definitely remove all malware from the Android Market?

Will Bouncer be effective in addressing the malware problems with
Android apps?

First of all, this is a good and really necessary move Google is
taking; however, the solution will be only partial. Based on the
public information about this service, all apps will be scanned
for known malware. Basically that means a multi-scanner or
something similar will be used, so the quality of malware detection
will depend greatly on which AV engines Google uses to analyze apps.
Not all AV engines are of the same quality, so some malicious apps
may not be detected as malicious. The second step offered by Google
is emulation. It is a good approach; however, it can also be cheated
by anti-emulation tricks, or a malicious app can be programmed to
behave differently once it detects that it is running in an
emulator, making the app appear non-threatening. So, basically, the
same malware tricks used to bypass Windows security can now be
implemented on Android.



Is it still a good idea to use a
mobile security program for protection even with Bouncer in place?

Yes, for sure it is a good idea. The situation is that many people
download apps not only from the official Android Market but also
from third-party sources. Nobody knows for certain what kind of apps
are out there on private market stores run by people not affiliated
with Google. Additionally, as mentioned above, if Google's
multi-scanner does not rely on all AV engines but only on some of
them, it is certainly good to use AV detection on your phone as a
second opinion for anything that might have slipped past Google's
scanner.



Are there ways for hackers to sneak
infected apps into the store despite Bouncer?

Yes, and one of them is by hacking the accounts of well-known and
trusted developers. In fact, I believe that will happen in the near
future. I say this because Google says it will check all new
developer accounts. If a developer is already known and trusted by
Google, that developer's account will be a prime target for
cybercriminals. Also, even though we haven't seen it happen yet, we
know cybercriminals can start developing apps that work differently
in specific geographic zones. For example, an app could be designed
to behave maliciously only if it detects a Latin American carrier;
if the same app is used on a US carrier, no malicious behavior will
be observed. That is also an anti-emulation trick which
cybercriminals can exploit in order to avoid Bouncer detection.
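The two evasion tricks discussed above (detecting the emulator, and gating malicious behaviour on the carrier) share one weakness: the app has to carry the constants it compares against. The following added example, which is not part of the original post and not Google's Bouncer code, shows the kind of static triage check a scanner can run over the string constants pulled out of an APK (for instance from disassembled smali) to flag apps whose behaviour is gated on the environment. The indicator lists, the smali-like sample input and the mobile country codes for the Latin American carriers (Mexico 334, Brazil 724, Argentina 722, Chile 730, Colombia 732) are my own assumptions, constructed for the example.

```python
"""Heuristic triage of Android app string constants for anti-emulation and
carrier-gating indicators.

Added example; not the original post's code and not Google Bouncer's.  The
indicator sets below are assumptions based on well-known Android SDK emulator
fingerprints and a partial list of Latin American MCCs.
"""

import re
from dataclasses import dataclass, field

# Values apps compare against to recognise the Android SDK emulator (assumed).
EMULATOR_INDICATORS = (
    "generic",          # Build.FINGERPRINT / Build.DEVICE of SDK system images
    "goldfish",         # emulator hardware / kernel name
    "ro.kernel.qemu",   # system property only present under QEMU
    "000000000000000",  # the emulator's default IMEI
    "15555215554",      # the emulator's default phone number
)

# Framework calls used to read the carrier or device identity (smali form).
TELEPHONY_APIS = (
    "Landroid/telephony/TelephonyManager;->getNetworkOperator",
    "Landroid/telephony/TelephonyManager;->getSimOperator",
    "Landroid/telephony/TelephonyManager;->getDeviceId",
    "Landroid/telephony/TelephonyManager;->getLine1Number",
)

# Mobile country codes of the region used in the post's example (assumed,
# partial): Mexico, Brazil, Argentina, Chile, Colombia.
LATAM_MCCS = {"334", "724", "722", "730", "732"}

STRING_LITERAL = re.compile(r'"([^"]*)"')


@dataclass
class ScanReport:
    emulator_hits: list = field(default_factory=list)
    telephony_hits: list = field(default_factory=list)
    mcc_hits: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        """'gated' when the app both reads its environment and carries
        emulator/carrier constants to compare it against; 'suspicious' when
        only the constants are present; otherwise 'clean'.  Reading telephony
        data alone is too common in legitimate apps to count."""
        reads_env = bool(self.telephony_hits)
        has_constants = bool(self.emulator_hits or self.mcc_hits)
        if reads_env and has_constants:
            return "gated"
        if has_constants:
            return "suspicious"
        return "clean"


def scan_strings(lines):
    """Scan smali-like lines (or raw `strings` output) and collect indicators."""
    report = ScanReport()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if any(api in line for api in TELEPHONY_APIS):
            report.telephony_hits.append(line)
        # Compare quoted literals where present, otherwise the whole line.
        literals = STRING_LITERAL.findall(line) or [line]
        for lit in literals:
            low = lit.lower()
            if any(ind in low for ind in EMULATOR_INDICATORS):
                report.emulator_hits.append(lit)
            elif lit.isdigit() and len(lit) in (5, 6) and lit[:3] in LATAM_MCCS:
                report.mcc_hits.append(lit)   # MCC+MNC literal, e.g. "334020"
    return report


# Constructed sample input: a few smali lines from a hypothetical gated app
# and from a hypothetical benign app.
SAMPLE_GATED_APP = """
const-string v0, "generic"
invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getNetworkOperator()Ljava/lang/String;
const-string v2, "334020"
const-string v3, "http://example.invalid/payload"
""".strip().splitlines()

SAMPLE_BENIGN_APP = """
const-string v0, "Welcome"
invoke-virtual {v1}, Landroid/content/Context;->getString(I)Ljava/lang/String;
""".strip().splitlines()


if __name__ == "__main__":
    for name, sample in (("gated", SAMPLE_GATED_APP), ("benign", SAMPLE_BENIGN_APP)):
        r = scan_strings(sample)
        print(f"{name}: {r.verdict} emulator={r.emulator_hits} "
              f"telephony={len(r.telephony_hits)} mcc={r.mcc_hits}")
```

A hit such as "generic" is weak on its own (it also appears in ordinary error messages), which is why the verdict only escalates to "gated" when the constants sit beside a call that actually reads the carrier or device identity. The other half of the answer is on the emulation side: a sandbox that always presents the same carrier and the same device fingerprint is exactly what these checks are written against, so running the app under several carrier and MCC configurations is the natural complement to this static check.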
