Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market.
Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term.
Bouncer is an automated process that scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. If malicious code or behavior is detected, the app is flagged for manual confirmation that it is malware.
“This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its environment,” Oberheide wrote in a blog post this morning.
“While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities. We’ve been in touch with the Android security team and will be working with them to address some of the problems we’ve discovered.”