Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Starts Scanning Android Apps

Posted by timothy on from the bender's-job-between-seasons dept.

eldavojohn writes "A recent blog post has Android developers talking about Google finally scanning third party applications for malware. Oddly enough, Google claims this service (codenamed 'Bouncer') has been active for some time: 'The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market. This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise.' So it appears that they allow the software to be sold even before it is scanned and it also appears that no one has been bitten by a false positive from this software. Apparently Bouncer is not as oppressive as Apple's solution although given recent news its effectiveness must be questioned. Have any readers had their apps flagged or pulled by Bouncer?"

11 of 172 comments (clear)

  1. When will they add... by Anonymous Coward · · Score: 5, Interesting

    ...a more fine-grained security model and a firewall to android?

    I understand it's a problem for Google if users can suddenly notice how much
    is transferred to Google but I think it's the only way to go in the end.

  2. Now? by C_Kode · · Score: 3, Interesting

    You figured something like this would have been in place from day one. Let's sell apps, but not worry about if they are loaded malware or viruses. /facepalm

    1. Re:Now? by Dishevel · · Score: 4, Informative

      If you had an Android device you would know that you do not need to root your phone to install apps from someplace other than Google.
      You just go into settings and select that you want to be able to install programs from Unknown Sources.
      You can try again to spread FUD if you like.
      I will wait.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    2. Re:Now? by ozmanjusri · · Score: 4, Informative

      once you jai - sorry, root the device.

      Settings/Applications/Unknown Sources.

      It's a toggle, so you can turn it back to block unknown sources after you've sideloaded whatever you wanted.

      --
      "I've got more toys than Teruhisa Kitahara."
  3. Re:Scan for quality? by ThisIsSaei · · Score: 4, Informative

    Some of the most popular Jailbroken iPhone apps have the same issues, like WinterBoard.

  4. Re:Does this mean ... by Monchanger · · Score: 5, Interesting

    Not likely. FTA:

    Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware, and trojans. It also looks for behaviors that indicate an application might be misbehaving and compares it against previously analyzed apps to detect possible red flags.

    That's a pretty good description of proper scanning for bad code. As TFS stated, this isn't the Apple paradigm where they want to control their users. The purpose is to maintain a profitable marketplace and platform by protecting users who keep hearing about Android malware.

  5. Re:Scan for quality? by Ihmhi · · Score: 5, Insightful

    It is good that they are going to finally scan for malware.

    Yes.

    But in the end Android apps need better quality control.

    No.

    Look, this site espouses the value of open source and more open markets in general. Android is pretty open as far as markets go, but the caveat that comes with that is that there is a lot of garbage. If you aggregated every, say, Wordpress blog on the Wordpress.com website, 95% of them would probably be unreadable drivel. The same goes for programs.

    If an app exists but it doesn't work for you, then go to a competing app. If an app exists, is really crappy, and is the only one of its kind, that is what we call a "business opportunity". The market lacks quality software and that's a hole that you can fill. If an app doesn't exist but it would be useful (or fun!), then do it and make some money.

    --
    Random Thoughts From A Diseased Mind (Not For Dummies)
  6. The "recent news" was retracted... by efriese · · Score: 5, Informative

    Turns out the malware was more like adware. http://securitywatch.pcmag.com/none/293699-symantec-retracts-android-malware-claims-to-align-with-lookout

  7. Re:Scan for quality? by Daetrin · · Score: 4, Insightful

    Uh, scanning for malware is great. But i don't want Google putting itself in the position of deciding what apps are "good enough" to be in their store. There have already been enough questionable decisions based on things like copyright, i don't want them having to make judgement calls on something even more nebulous like "quality."

    If you've found apps that aren't of high enough quality to suit you i suggest you just find a better app and/or tell the author what the problems are and ask them to improve it. Or if you can't find a better version and the problems really bother you that much, just uninstall it. If the problem is dealt with by Google wielding a ban hammer then it is "solved" not only for you, but also for all the people who thought the value of the app was worth dealing with the problems.

    --
    This Space Intentionally Left Blank
  8. Re:Scan for quality? by Terrasque · · Score: 4, Informative

    1. Create ArrayList
    2. Add ALL THE THINGS
    3. Forget to remove old entries when not used anymore

    Reference still exist, not considered garbage.

    --
    It's The Golden Rule: "He who has the gold makes the rules."
  9. Re:Scan for quality? by jiriki · · Score: 5, Informative

    Memory Leaks in Java are not objects that are not freed, but dangling references to data/objects that are no longer needed (often static HashMaps that people use to implement their own caches and forget to clean up, or listeners that are still registered, even if the listening object could be discarded).

    Also there are leaks in the Android WebView: http://code.google.com/p/android/issues/detail?id=9375
    So using the WebView (which many apps do) causes leaks :(
    (not the fault of the developer though)