There was a big dust-up recently when Symantec claimed that a lot of Android applications were malware in disguise. Phooey. Symantec has since recanted, but I was delighted to see Google's revelation last week about the existence of "Bouncer," which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process, wrote Hiroshi Lockheimer, vice president of engineering for Android, in a post on the Google Mobile Blog.
When an application is uploaded, Bouncer immediately starts analyzing it for known malware, spyware, and trojans. The service also looks for suspicious behaviors and compares it against previously analyzed apps to detect possible red flags.
Even better, new developer accounts are analyzed to help prevent the return of developers who have submitted malicious software in the past. Bouncer has apparently been at work for some time and Android malware has dropped 40% between the first and second half of 2011.
Even before Bouncer existed, Google had a fair number of tools to protect against malware, including sandboxing, a tight permissions system and the ability to ditch malware fast. Even with Bouncer, no protection is perfect, but many experts now believe that Android security is really quite high while avoiding the constraints of Apple's walled-garden.
Love the name Bouncer and the image it creates. Hat tip to friend Dave Ries.
E-mail: email@example.com Phone: 703-359-0700