Google’s Android open platform is so good, so open and so flexible that it allows developers to do virtually anything. And here is also the problem – developers can do virtually ANYTHING on your phone.
This has opened up the Android Market to abuse by developers who insert malware into their seemingly innocent applications. These could be simple but annoying adverts down to the more serious forcing your phone to SMS and dial premium numbers. My own personal experience with such app is documented here.
A report published in December 2011 by Lookout, a security research firm estimated that more than $1 million had been stolen from Android users in 2011 as a result of malicious software downloads, and said that figure could rise dramatically.
Google has been proactively looking at how to protect their customers and has announced their new security-enhancing service. The system with a cool and descriptive codename “Bouncer” which automatically scans the Android Market for suspicious activity. All applications submitted to the Marketplace are firstly scanned by the Bouncer to ensure there are no “funnies” hiding inside.
Bouncer keeps tab of developers’ accounts to identify those repeat offenders and keep them off the Marketplace. A Great step as typically a development house will submit multiple applications with their malware hidden inside.
Hiroshi Lockheimer, Android’s VP of Engineering, confirms that Bouncer scans uploaded apps for “Spyware, Trojans or any other lethal components, while looking out for any suspicious behavior” . There is a 40% drop between the first and second halves of 2011 in the amount of malware application in the Android Marketplace since the covert introduction of Bouncer according to Lockheimer
After my experience, I feel safer already.
Official Google Mobile Blog announcement: http://googlemobile.blogspot.com/2012/02/android-and-security.html