Researchers Beat Google's Bouncer

An anonymous reader writes "When earlier this year Google introduced Bouncer — an automated app scanning service that analyzes apps by running them on Google's cloud infrastructure and simulating how they will run on an Android device — it shared practically nothing about how it operates, in the hopes of making malicious app developers' scramble for a while to discover how to bypass it. As it turned out, several months later security researchers Jon Oberheide and Charlie Miller discovered — among other things — just what kind of virtual environment Bouncer uses (the QEMU processor emulator) and that all requests coming from Google came from a specific IP block, and made an app that was instructed to behave as a legitimate one every time it detected this specific virtual environment. Now two more researchers have effectively proved that Bouncer can be rather easily fooled into considering a malicious app harmless."

pretty easy to fix, though

[Trepidity]

It seems like they just found that the sandbox Google simulates the apps in is a little sloppy in its simulation (IP addresses are predictable), so it's easy to tell you're inside the sandbox. But they could fix that part pretty easily.

Was hoping for something more halting-problem-esque, since it's really difficult to "scan an app for malware" in general.

Community Relations

[schitso]

"Google was aware of and blessed the research, and has been apprised of its results so that it can make changes and better secure Google Play against malicious individuals."

"A renowned security researcher who claims he discovered a flaw in iOS was kicked out of Apple's iOS Developers program."

Just sayin'.