Google to fight malware on Android handsets
Google appears to be planning to fight malware on the handset level, according to a report posted to the Internet on Monday.
The report, posted Monday by enthusiast site AndroidPolice, analyzes a new resource file for the Google Play Store app. Resource files are loaded into memory before an application begins to run.
According to Anand Sundaram, director of mobile products for cyber security maker Bit9, the resource file analyzed by AndroidPolice shows two things. It's going to analyze all the apps on a handset to determine, through the use of malware signatures, if any of them are infected. It's also going to warn you when you try to download an app that it thinks will be bad for your handset.
"In true Google fashion, they're also considering having a button that says, 'Shut up and let me do what I want to do,'" he observed.
Google did not respond to our request for comment for this story.
Earlier this year, Google announced a program, called Bouncer, aimed at weeding out malicious apps pushed through its Android Market, which is now the Google Play Store. When an app is uploaded to the store, Bouncer scrutinizes it for malware, spyware, and Trojans. It also analyzes its performance and will red flag any suspicious behaviors.
However, in June two researchers demonstrated a method by which malicious apps could skirt detection by Bouncer. It involved the app behaving one way when it detected it was being examined by Bouncer and another way when it was running on a handset. Later in the summer, two malware apps were discovered on the Google Play Store that used a multistage payload delivery technique to bypass Bouncer scrutiny.
Even if Google could do a perfect job of purging malware from its online store, malicious apps would still abound in the Android world because there are so many places on the Internet to obtain Android software, according to Trend Micro CTO Raimund Genes.
He noted that Android malware can do everything from subscribing a handset to a premium SMS service, capturing key strokes with a key logger, and planting spyware on a phone that can switch on its microphone and turn the handset into a surveillance device.
In addition, malicious app writers have found ways to embed digital viruses into their malware, he observed. "When you download a program with a virus and open it, it will infect other programs on your smartphone," he said.
He added that Google may consider incorporating anti-malware features into the OS itself. "That shows how bad it really is," he asserted.
A change of heart
Google's stance toward Android malware appears to have changed from last year when some of its higher-ups were bad mouthing the work of black-app fighting firms. "[V]irus companies are playing on your fears to try to sell you BS protection software for Android, RIM and iOS," wroteGoogle Open Source and Public Sector Engineering Manager Chris DiBona. "They are charlatans and scammers."
Google's increased concern with Android malware may also reflect a heightened awareness of how handsets running its mobile operating system are being viewed in the enterprise, according to Sundaram. "A lot of security administrators are fearful of letting Android devices onto their enterprise networks," he said. "There is an inherent feeling among the enterprise security admins that iOS devices are typically more secure."
For comprehensive coverage of the Android ecosystem, visit Greenbot.com.