By Steve Ragan
On Thursday, Google outlined a few of their processes for protecting users and securing the Android Market. In addition, they highlighted some interesting facts, which seem to place the rash of mobile risk reports being pushed by security firms into perspective.
It’s no secret that malware exists on the Android platform, and as more and more smartphones enter the market leveraging Google’s platform, the attack surface will grow – presenting an attractive target to criminals. It’s already happened in fact, as Google says that device activations for Android grew 250% last year. Application-wise, the Android Market topped 11 billion downloads. It’s only going to get bigger.
With that said, Google knows that Android’s popularity and usage is only going to grow, and security companies have already started a full court press when it comes to warning business leaders and users about the risks associated with mobile device usage. However, Google is working to deal with that problem, and according to them it’s not as bad as it seems, but it’s far from perfect.
“The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market,” wrote Hiroshi Lockheimer, the VP of Engineering for Android, on the company’s blog.“This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise. While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market – and we know the rate is declining significantly.”
So how is Google protecting the Android Market and end users? They have a bounder that deals with malicious applications. The application checker does more than screen IDs, it actually checks the code submitted to the Android Market.
“Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware, and Trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior,” Lockheimer explained.
In addition, existing applications are checked, and this layer of security rests on top of the ability revoke malicious applications that have already been installed by an end user, wiping them from a given device.
After that, sandboxing still plays a role in protection, as well as clearly marked permissions warnings, which alert the user to what the application itself is able to control and access.
“No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe,” Lockheimer concluded.