The Android ecosystem is expanding rapidly, and the number of malware attacks is growing with it. Since 2011, we have watched cybercriminals and malware target Android users in one way or another, including fake Android game apps, rootkits, and, worst of all, spam emails. To cope with these attacks, Google started a security service called Bouncer that automatically scans apps on the Google Play store, both new and already uploaded. According to Google, the number of malicious downloads fell by 40 percent after Bouncer was introduced. Google also stated that no security measure is foolproof, Bouncer included.
This is quite evident from the recent experiment conducted by two researchers who found that Bouncer can be fingerprinted.
To confirm this, they submitted an Android app to the Google Play store containing shell code that allowed them to poke around Bouncer while the submitted app was being analyzed. They discovered that Bouncer checks a submitted app for only five minutes, that it performs dynamic analysis, and that the Google IP range assigned to Bouncer can be seen, because analyzed apps are allowed to access the Internet while being tested.
This means that cybercriminals can still get a malicious app approved by disguising it as a legitimate one. One way is a delayed attack, where the malicious app behaves benignly while Bouncer is running and starts running malicious code only after it has been installed on the user's phone. Alternatively, the malicious code does not need to be in the app at all at first. Once the app evades the Bouncer check and is installed on the user's phone, it can download additional malicious code to run on the device.
Android seems to be the favorite mobile OS for hackers, judging by the growing amount of Android malware. 5,000 new malicious Android apps were found in the first quarter of this year, while 15,000 have been found so far in Q2 2012. While cybercriminals will never take a break from their activities, what is quite appalling is that only one out of five Android devices has a security app installed, putting user data and financial information at risk.
So the best approach seems to be for users to be aware of what they are installing on their devices. No matter how tight the security measures are, cybercriminals always find a way around them. Perhaps the best way is to install a good antivirus application that can keep malicious apps away, and to stay alert.