Researchers Find Methods For Bypassing Google's Bouncer Android Security

Trailrunner7 writes "Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term. Oberheide and Miller, both well-known for their work on mobile security, went into their research without much detailed knowledge of how the Bouncer system works. Google has said little publicly about its capabilities, preferring not to give attackers any insights into the system's inner workings. So Oberheide and Miller looked at it as a challenge, an exercise to see how much they could deduce about Bouncer from the outside, and, as it turns out, the inside."

A basic flaw in that idea (sort of)

[SuperKendall]

The thing is, with Android being open, this can be done without Google doing it.

But not generically! The fundamental flaw with your argument can bee easily seen simply by fully qualifying what you are saying:

"The way to solve security issues for novices is by someone building a more secure store, which of course will have to be the default store and replace the App Market for the novice users to find it".

That means not just anyone can do this - it has to be a device maker. So far the only example I can think of is Amazon, which is OK for tablets but doesn't address the smartphone market at all - again, for novice users.

I prefer Google's solution rather than Apple's.

I prefer Apple's because I have other technological things I'd rather play with than maintain a proper level of security on my phone.