During a teardown of a new Android application package (.APK) file, the Android Police found that Google is fast at work on a consumer-side malware detection and alert system to go along with its “Bouncer” server-side malware protection system.
The site found a string that included “package_malware_title” and “package_malware_banner_warning,” linked with consumer warnings and permissions, like “Allow Google to check all apps installed to this device for harmful behavior?” and, "Installing this app may harm your device.”
As those messages indicate, the scanner offers a double-edge protection approach: an App Check service that inspects all the device's applications already installed to determine whether any existing apps may harm the device; then, a "doorman-style app blocker" flags files as suspicious – before they’re downloaded.
Android malware is increasingly singled out as one of the fastest-growing threat vectors out there today, with incidences up significantly and even an FBI warning against the threat. Trend Micro said recently that it expected the relatively small number of existent Android malware samples at the end of 2011 to grow to a collected library of 3,000 samples during the first quarter of this year, and to 11,000 by the end of the second quarter. The reality has been much worse: it hit 6,000 during Q1 and 25,000 by the end of Q2. Android malware is increasing at more than double the predicted rate, and looks to be heading toward more than 250,000 by the end of 2012, Trend Micro said.
And when it comes to targeting Android-based mobile devices, “it is fully functional and mature, and mobile malware writers know what they are looking for: consumer and business data,” McAfee warned recently.
Bouncer, meanwhile, was announced in February and has already been deployed, in an effort to prevent rogue apps from entering Google Play to begin with. This performs a set of analyses on new applications, applications already in Android Market and developer accounts, looking for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags.
“We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior,” Google noted. “We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.”
Unfortunately, given the rise of a malware tsunami for the Android platform, it’s not proving to be enough to keep Droidsters safe. No word on the rollout schedule for the client-side functionality, but it clearly can’t come fast enough.