Google implements Chrome app scanning for G+ developer site

Starting today in the Chrome web store, Google will be adding “additional checks” for apps submitted by developers – additional checks that include a “scan” of new software, it said by way of official blog. As a result, it could take up to 60 minutes for an app to publish to the store. “Unless we see something worrisome, most items should be publicly available several minutes after publishing, almost always within 60 minutes,” Google added.

The unspoken assumption here is that if an application takes longer than an hour to be cleared for takeoff, the Enhanced Item Validation process has likely identified suspicious behavior within the application, Google said.

For developers, the process will be seamless and requires no action. When developers publish an item in the store, the developer dashboard will indicate the item is in the process of being published. Developers can cancel the publishing process during that time if they want to make any changes to the item, or can simply wait it out.

Google has always maintained that its level of security in its Play app store and for its browser is a differentiator, thanks to regular hacking contests and ongoing tweaking. At March’s CanSecWest security conference, Google’s Chrome team took part in the Pwn2Own hacking contest and hosted its own, the third iteration of its Pwnium competition. While there weren’t any “winning” entries at Pwnium – i.e., no full exploits against the browser were developed – Google did pay out a partial reward to the teen hacker named Pinkie Pie.

Recently, though, the browser has gotten a little negative pubicity. Last week, Chrome was found to be vulnerable to camjacking – i.e., clickjacking aimed at taking over a PC’s webcam – and although Adobe fixed the Flash vulnerability that allows it back in 2011, it lives on in the Flash implementations of Chrome. In April, a malware trojan was revealed as a malicious browser extension specifically targeting Chrome and Mozilla Firefox and designed to hijack the victim’s Facebook account.

In May, a comparative analysis of browsers from NSS Labs showed that Internet Explorer is the most effective at blocking malware (blocking 99.96% of the samples). Then comes Chrome at a still-respectable 83.16%. The other top three lag far behind, by way of comparison: Safari (10.15%), Firefox (9.92%), and Opera (1.87%).

Nonetheless, scanning native apps would seem one good way to improve the security posture for all users. “One of the driving principles of the Chrome browser and platform is security”, the company wrote in its blog. “We’re always looking for ways to increase the security for our users and developers, because a trusted platform becomes more widely adopted.”

What’s hot on Infosecurity Magazine?