Bouncer performs a set of analyses of Android applications, whether new or already on the Market, as well as developer accounts, explained Hiroshi Lockheimer, vice president of engineering at Android. He stressed that the process does not disrupt the user experience on the Market or require developers to go through an application approval process.
“Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags”, Lockheimer wrote in a blog post.
“We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back”, he added.
Lockheimer said that the Bouncer service, which apparently was deployed sometime in the second half of the year, has already succeeded in reducing malware on the Market by 40% between the first and second half of 2011.
Vanja Svajcer, principal virus researcher in SophosLabs, said that the Bouncer service is a step in the right direction. But he called on Google “to define a secure API [application programming interface] that could be used by Android anti-malware software for better protection of users and their devices…. To truly protect devices, we need a local bouncer. Not one like today’s anti-malware apps, with poor stamina and no weapons. Only with Google anti-malware API Android protection products will be fully armed and prepared to fight.”