Google is addressing growing concerns about malware in Android Market with the formal unveiling of a scanning service called Bouncer that will attempt to weed out bad apps in its marketplace. The service has been running for some time now and has helped Google reduce the number of potentially malicious downloads by 40 percent from the first half of 2011 to the second half.
The system works by analyzing new and existing applications in Android Market and also developer accounts. Bouncer scans for known malware, spyware and trojans and monitors for suspect behavior that could indicate a red flag. Google also runs each app through its cloud infrastructure to see how it will run on an Android device. Additionally, Google analyzes new developer accounts to keep out repeat offenders.
Google’s Hiroshi Lockheimer, the VP of Engineering, Android, said it is impossible to prevent all malicious apps from entering Android Market but that the company is making significant progress in decreasing the number of bad apps being downloaded. Said Lockheimer:
No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe.
Google is attempting to make Android Market safer without imposing more burdens on developers. That means developers can still upload away and consumers can get the apps immediately, unlike Apple’s App Store, which reviews and approves each app, creating delays. It is a tight balance, because Google has been increasingly called out for malware apps that make it into its store. Working in the background allows Google to apply a technology solution that should require less manpower. And it can still encourage developers to keep iterating and developing for Android without enforcing time-consuming reviews.
But while this may cut down on the overall number of malicious apps, it only takes one or two big attacks to undermine Android’s reputation here. And that may be enough to still fuel the work of companies like Lookout and Symantec, which are getting mileage out of harping on Android’s security concerns. Of bigger concern is the fact that there is still not much disincentive for bad actors to introduce malware into Android Market. Google will boot out offenders and work to prevent their return, but with just a threat of losing a $25 developer registration fee, the penalties for getting caught may not keep bad developers out. But at the very least Google is addressing the issue further and seems to understand that it is only going to become more of a target as it racks up app downloads, which are now up to 11 billion.