A malware in disguise
Security researchers from Trust wave, Per coco and Schulte have demonstrated, through submitting applications to Google Play, how malware can go unflagged after scanning by Bouncer. These researchers indicate that they figured out a way to conceal the activities of the malware from the security application to the point that after consistently uploading some codes they got through to having a botnet. The attack was limited by the researchers therefore it did not affect any users but it was capable of leaking passwords, contacts and other sensitive information.
There are other researchers with similar findings like Miller from Accuvant and Oberheide from Duo Security. These two also reported success in similar submissions to find cracks through the security service from Google. They found out that Bouncer runs an application merely for five minutes on a virtualized phone which makes it fairly simple to sidestep its mines for the malware by executing its code after those five minutes. This makes Bouncer function like a fixed beacon that can only spotlight malicious activity as long as it is being carried out in its scope and all the cyber criminals have to do is to make sure they stay out of its gaze. Miller also explained another lucid process that can be used against Apple’s app store. It is to put forth an apparently harmless application for submissions to the Apple app store and upon its acceptance go ahead and modify it according to the requirements for any malicious activity.
Google learns to play bounce
It is beyond doubt that Google is confronting its demons consistently and flexing its muscles after each encounter as the demons too return striking harder blows in each round. However, the researchers are inclined to think that with the plethora of ways that have been discovered to penetrate Bouncer all the measures that Google is taking to counter such techniques might fall short or at the very least not be able suffice so easily. Miller regards Google’s development efforts as picking off the low hanging fruits and fixing them whereas according to him other problems will take a lot longer for them to solve. Percoco shares the same viewpoint and implies that a bouncer working in a bar sees to it that the customers who enter and cause problems are escorted out but the security service by Google is not capable of the same response for now.
As it turns out what was introduced by Google as a great leap forward in terms of security concerns for Android apps might not be as much of a development as was previously touted. Nonetheless, Google is developing countermeasures to ensure that it continues to safeguard its users but as per the aforementioned arguments it still seems a long way to go.
Guest article by: Stella Rebecca’s major effort has revolved around latest gadgets. Recently she’s been playing with the many Spy Software for Blackberry that are diverting the interest of the new generation. Readers can find out more about what’s most recent and happening in the Spyware for Blackberry world.