

Google prides itself on Bouncer, the security measure it launched early this year to filter malicious apps on Google Play before they can be downloaded by Android users. If you’re an Android user, knowing this makes you feel secure that apps on Google Play will not bring harm to you or your Android device. Unfortunately, Bouncer is not flawless, as some malicious apps are still able to sneak past Google’s security checks.
Bouncer is flawed
In an interview with Forbes, security researchers Charlie Miller and Jon Oberheide discussed how Bouncer actually works and how malicious apps get through the security check.
Google doesn’t use actual phones to test apps that it thinks are sketchy; it uses a virtual phone to test them out. And that’s where the problem begins. Some malicious apps are designed to test the waters before wreaking havoc. They check things out first, scanning the content of the phone to determine if they were downloaded on an actual phone. The problem with Google’s virtual phone is that it contains only one contact, Michelle K. Levin with an e-mail address of Michelle.k.levin@gmail.com, and only two photos, one of a cat and another of Lady Gaga. Google, you almost convinced me.
And that’s how Oberheide’s app, HelloNeon, designed to pull down new malicious code once installed on a user’s phone, got into Google Play. And that’s just one of the ways to bypass Google’s security measure. At the Summercon conference in New York this week, Miller and Oberheide plan to present more methods to circumvent Bouncer.
“There are a thousand different ways to very accurately and sustainably fingerprint Bouncer,” says Oberheide. “Some are really hard to fix. Some can be fixed pretty easily. But in the long term game, the attackers have a major advantage.”
Though it may seem like the security measures on Google Play can’t be trusted, consumers shouldn’t take this as a cue to abandon their Android devices or stop downloading apps on Google’s Android market. If there are ways for an app to bypass security, surely there’s a way for consumers to recognize if an app is malicious or not.
Here are some important tips to remember before downloading any mobile app:
Some may think that researching things just for an app is a daunting task, but hey, it’s for your own good. Do you want the content of your device to be available to hackers? Do you want your device to spread malware? Do you want unbelievably high phone or credit card bills? Those are just some of the things that could happen once malware gets onto your device, so it’s up to you to decide.