The battle between malware writers and those trying to make their life miserable is a never ending one, will forever be a never ending one. The nature of the battle field makes it so.
The bad guys will always find a way, sooner or later, to penetrate the security wall around an application. And as soon as one hole is patched, they will find another one. It is like a movie that never ends, with your device as the stage.
Being very security conscious (some would say paranoid), I pay close attention to security-related news, especially when it is about tools that are designed to make a system a bit more secure for end-users. So I got really excited when Hiroshi Lockheimer, Android VP of Engineering, announced Bouncer, a new security service designed to sweep Android Market for malware.
From the description, Bouncer is like a security agent that scans the marketplace for malware, relying on signatures of known malware to do its job. Besides looking for malicious applications, Bouncer also analyzes “new developer accounts to help prevent malicious and repeat-offending developers from coming back.” The idea, as Hiroshi described it, is to provide an “automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.” Sounds good to me.
Bouncer has reportedly led to a 40% decrease in the number of malware or potential malware downloaded from Android Market, and is an addition to three other security layers built into the Android platform, which are:
- Application sandboxing
- Permissions system for applications
- Malware removal from the marketplace and from your Android device. Yes, Android has the capability to remotely remove malicious applications from your tablet or phone. But do not fret, you will be notified after the fact.