Google Bouncer Revealed, Undressed and Soundly Defeated
Filed under News by Joseph Hindy on June 4, 2012 at 11:23 PM
This is what Malware Apps are going to be doing to Google Bouncer soon enough...
Oh me, oh my, or so goes the saying. Very recently, a couple of hackers by the name of Charlie Miller, who is an already renown Apple hacker, and Jon Oberheide have been going over all the various ways to get around Google Bouncer. For those who don’t know, Google Bouncer is the automated scanning program that scans new applications as they hit the Google Play Store to see if they’re malicious or not. While effective to an extent, the system is far from perfect and it’s only a matter of time before Malware applications get around it entirely.
To further explain, when an Android application hits the Play Store, the Bouncer runs the application in a simulated Android environment to see what it does. This is very similar to current testing techniques in place already, where developers run their application in a virtual Android device to test for bugs. If the application begins to do a bunch of naughty things, or things that can be construed as naughty, the Bouncer will deny the application and it will never see the light of day. In theory, it’s a fantastic idea but in practice, hackers are smarter than that. One of the methods that Miller and Oberheide intend to show at their presentation at Summercon this week is how the application can identify when it’s running in a simulated environment, namely the Bouncer’s specific simulated environment, and then play nice until it passes the inspection. From there it will be approved for the Play Store where it’ll be downloaded by users where it can then continue on its malicious way.
Very soon the ball will be in Google’s court as these two hackers have shown how Google Bouncer can be completely defeated and Google will need to respond. There have been examples already published of an unnamed application getting beyond Bouncer and the app developer simply sending update after update, adding more Malware content until it’s a full blown problem. If Google can’t respond, then it’s only a matter of time until Bouncer is nothing more than an annoyance that can be easily coded around.
Wow, that is really scary – you would think that there would be more security than that. Sony anyone? Great article Joseph
It is a little scary, but Malware apps still look the same as they always have. Don’t download “Angry Birds cheat codes” or absurdly named applications like that and, most importantly, read app reviews. If it’s malware, people will tell you :)