Will Google Bouncer definitely remove all malware from the Android Market?

Will Bouncer be effective in addressing the malware problems with Android apps?

First of all, this is a good and really necessary move Google is taking; however, the solution will only be partial. Based on the public information around this service, all apps will be scanned for known malware. Basically, that means a multi-scanner or something similar will be used, so the quality of malware detection will depend greatly on which AV engines Google uses to analyze apps. Not all AV engines have the same quality, so there is a possibility that some malicious apps won't be detected as malicious. The second step offered by Google is emulation. It's a good approach; however, it can also be cheated by anti-emulation tricks, or a malicious app can be programmed to behave differently once an emulation is detected, making the app appear to be non-threatening. So, basically, the same malware tricks used to bypass Windows security can now be implemented on

Is it still a good idea to use a
mobile security program for protection even with Bouncer in place?

Yes, for sure it's a good idea. The situation is that many people download apps not only from the official Android Market but also from third-party sources. Nobody knows for certain what kind of apps are out there on private market stores run by people not affiliated with Google. Additionally, as we mentioned, if Google's multi-scanner does not count on all AV engines but only some of them, it's certainly good to use AV detection on your phone as a second opinion for anything that might have slipped past Google's scanner.

Are there ways for hackers to sneak
infected apps into the store despite Bouncer?

Yes, and one of them is by hacking well-known and trusted developers' accounts. In fact, I believe that will happen in the near future. I say this because Google says it will check all new developer accounts. If a developer is already known and trusted by Google, that developer account will be a prime target for cybercriminals. Also, even though we haven't seen it happen yet, we know cybercriminals can start developing apps that work differently in specific geographic zones. For example, an app could be designed to only behave maliciously if it detects a Latin American carrier; if the same app is used on a US carrier, no malicious behavior will be detected. That's also an anti-emulation trick which can be exploited by cybercriminals in order to avoid Bouncer detection.
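The first answer describes emulator detection and the third describes carrier-based geographic gating. As an added example that is not part of the original interview, the Android (Java) class below shows the kind of property checks such an app would make, written from the analyst's side so that the values a sandbox or scanner must spoof are explicit. The class and method names, the list of Latin American mobile country codes, the "goldfish"/"ranchu" hardware strings and the stock emulator operator value 310260 with name "Android" are assumptions of this example, not facts stated in the interview.

```java
// Added example (not from the original interview or from Google's Bouncer):
// environment fingerprinting of the kind the answers above describe, split
// into pure logic (testable off-device) and a thin Android wrapper.
import android.content.Context;
import android.os.Build;
import android.telephony.TelephonyManager;

import java.util.Arrays;
import java.util.List;

public final class EnvironmentGate {

    // Assumed, illustrative: ITU E.212 mobile country codes for a few
    // Latin American countries (Argentina, Brazil, Chile, Colombia, Mexico, Peru).
    private static final List<String> LATAM_MCCS =
            Arrays.asList("722", "724", "730", "732", "334", "716");

    // Assumed: the stock Android emulator reports operator 310260, name "Android".
    private static final String EMULATOR_OPERATOR = "310260";
    private static final String EMULATOR_OPERATOR_NAME = "Android";

    public enum Verdict { EMULATOR, TARGET_REGION, OTHER }

    /** Emulator tells in build properties; readable without any permission. */
    static boolean looksLikeEmulator(String fingerprint, String hardware,
                                     String product, String model) {
        return fingerprint.startsWith("generic")
                || hardware.contains("goldfish") || hardware.contains("ranchu")
                || product.contains("sdk")
                || model.contains("Android SDK built for");
    }

    /** Operator string is MCC (3 digits) + MNC (2-3 digits), or empty with no SIM. */
    static boolean isTargetCarrier(String networkOperator) {
        if (networkOperator == null || networkOperator.length() < 5) {
            return false;
        }
        return LATAM_MCCS.contains(networkOperator.substring(0, 3));
    }

    /** Pure decision logic: emulator first, then region, otherwise benign path. */
    static Verdict classify(String fingerprint, String hardware, String product,
                            String model, String operator, String operatorName) {
        if (looksLikeEmulator(fingerprint, hardware, product, model)
                || EMULATOR_OPERATOR.equals(operator)
                || EMULATOR_OPERATOR_NAME.equals(operatorName)) {
            return Verdict.EMULATOR;
        }
        return isTargetCarrier(operator) ? Verdict.TARGET_REGION : Verdict.OTHER;
    }

    /** On-device entry point: reads live values and delegates to the pure logic. */
    public static Verdict classify(Context ctx) {
        TelephonyManager tm =
                (TelephonyManager) ctx.getSystemService(Context.TELEPHONY_SERVICE);
        String operator = tm == null ? "" : tm.getNetworkOperator();
        String operatorName = tm == null ? "" : tm.getNetworkOperatorName();
        return classify(Build.FINGERPRINT, Build.HARDWARE, Build.PRODUCT,
                Build.MODEL, operator, operatorName);
    }

    // Off-device sanity run with constructed values (not captured from real devices).
    public static void main(String[] args) {
        System.out.println(classify("generic/sdk/generic:4.0.3/IML74K/eng",
                "goldfish", "sdk", "sdk", "310260", "Android"));
        System.out.println(classify("samsung/GT-I9100/GT-I9100:4.0.3/IML74K/user",
                "smdk4210", "GT-I9100", "GT-I9100", "72405", "Claro BR"));
        System.out.println(classify("samsung/GT-I9100/GT-I9100:4.0.3/IML74K/user",
                "smdk4210", "GT-I9100", "GT-I9100", "310410", "AT&T"));
    }
}
```

The defensive reading of this is that an emulation-based scanner needs realistic Build properties and a populated SIM/operator profile, and ideally several regional profiles per sample, before a verdict of "benign" means much; a static pass that flags reads of Build.FINGERPRINT, Build.HARDWARE and TelephonyManager.getNetworkOperator() feeding a branch is a cheap complement to the dynamic run.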

