Google has revealed Bouncer, a service that scans Android Market applications to look for patterns of potentially malicious code. Although Bouncer is being revealed only today, it has been in operation for almost a year as Hiroshi Lockheimer, VP of Engineering, Android mentions in his blog post: “The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market”.
This comes at a time where anti-virus software vendors have made a push to “alert” (or some would say “scare”) Android mobile users. Of course, it is true that malware has been rising alongside Android, and that the relative openness of the platform has made it an easier target. The fact that you can install (sideload) apps without going through the Android Market also makes things a bit harder to track and check. However, this is a risk that you take by sideloading from an unknown source. Think again next time you’re trying to get the “free” version of a cool app…
In any case, it’s a good move from Google as the Android app world is a bit of a wild west, and that despite Sandboxing, apps can ask for permission to access a number of resources, permission that if often granted by users without much of a thought. Overall, I still consider the “malware problem” on Android a far cry from what it is on personal computers, but we can’t deny that it exists, so before granting permissions to an app, pay a bit more attention.