Bouncer for Google… timid echoes of the Bugle

by Guest Author on July 18, 2012

in Guest Posts, Security

There is always a time in a security application’s life when the bouncer becomes the bounced. Yes, we are referring to the Google Bouncer, the initially appreciated Android app store gatekeeper, which seems to have hit its puberty a bit too hard. According to Google, the percentage of Android users who were infected by malware dropped by 40 after the introduction of the security service for Google Play store in first year. However, as some researchers have pointed out through close scrutiny, there are weaknesses in the security service that make it possible for intruders to get through undetected.

A malware in disguise

Security researchers from Trust wave, Per coco and Schulte have demonstrated, through submitting applications to Google Play, how malware can go unflagged after scanning by Bouncer. These researchers indicate that they figured out a way to conceal the activities of the malware from the security application to the point that after consistently uploading some codes they got through to having a botnet. The attack was limited by the researchers therefore it did not affect any users but it was capable of leaking passwords, contacts and other sensitive information.

There are other researchers with similar findings like Miller from Accuvant and Oberheide from Duo Security. These two also reported success in similar submissions to find cracks through the security service from Google. They found out that Bouncer runs an application merely for five minutes on a virtualized phone which makes it fairly simple to sidestep its mines for the malware by executing its code after those five minutes. This makes Bouncer function like a fixed beacon that can only spotlight malicious activity as long as it is being carried out in its scope and all the cyber criminals have to do is to make sure they stay out of its gaze. Miller also explained another lucid process that can be used against Apple’s app store. It is to put forth an apparently harmless application for submissions to the Apple app store and upon its acceptance go ahead and modify it according to the requirements for any malicious activity.

Google learns to play bounce

It is beyond doubt that Google is confronting its demons consistently and flexing its muscles after each encounter as the demons too return striking harder blows in each round. However, the researchers are inclined to think that with the plethora of ways that have been discovered to penetrate Bouncer all the measures that Google is taking to counter such techniques might fall short or at the very least not be able suffice so easily. Miller regards Google’s development efforts as picking off the low hanging fruits and fixing them whereas according to him other problems will take a lot longer for them to solve. Percoco shares the same viewpoint and implies that a bouncer working in a bar sees to it that the customers who enter and cause problems are escorted out but the security service by Google is not capable of the same response for now.

As it turns out what was introduced by Google as a great leap forward in terms of security concerns for Android apps might not be as much of a development as was previously touted. Nonetheless, Google is developing countermeasures to ensure that it continues to safeguard its users but as per the aforementioned arguments it still seems a long way to go.

[tp lang=”en” only=”y”]

Guest article by: Stella Rebecca’s major effort has revolved around latest gadgets. Recently she’s been playing with the many Spy Software for Blackberry that are diverting the interest of the new generation. Readers can find out more about what’s most recent and happening in the Spyware for Blackberry world.

[/tp]

[tp not_in=”en”]

Guest article by: Stella Rebecca’s major effort has revolved around latest gadgets. Recently she’s been playing with the many Spy Software for Blackberry that are diverting the interest of the new generation. Readers can find out more about what’s most recent and happening in the Spyware for Blackberry world.

[/tp]

Comments & Leave a Comment

comments

{ 2 comments… read them below or add one }

Julian King July 19, 2012 at 08:50

I really appreciate Google’s ongoing effort to improve its services and to remove the applications that are infected with viruses. Even if there are still issues in the process, I hope that in the future the success rate to be near 99%.
Julian King recently posted… Patio pergola plans

Reply

Peter Lee July 31, 2012 at 15:09

Google is working hard to safeguard its users. But even the best security in the world is not 100% safe. Users can’t depend totally on security software/applications to stay safe. We have to practice safe browsing habit to minimize the risks too.
Peter Lee recently posted… Google Search via Handwrite

Reply

 

Leave a Comment

CommentLuv badge

{ 4 trackbacks }

Previous post:

Next post: