While it’s a good thing for developers that there isn’t much of an approval process to get an app in the Android Market, it’s not such a great thing for those of us who download them.
Recognizing that, Google’s Android team has taken the covers off of its initiative to keep malicious apps out of the Market, and they call it “Bouncer”. The service automatically scans all of the apps in the Android Market for malicious software, and it doesn’t require any interaction from the users or the developers.
Here’s what the team had to say about Bouncer today:
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.
According to Google, Bouncer has been at work for a “while now”, and it has helped cause a 40% decrease in malicious downloads from the Android Market. While Apple has a much tougher app review process, it’s completely manual. As those who are trying to add crooked apps to the Android Market get craftier in hiding them, Google will have to update its scanner to detect them. I imagine that this is the type of cat and mouse game that happens with those trying to game Google search results.
A safer Android platform means happier consumers, and the more the company can do on this front, the better reputation they’ll get. Keeping the app submission process a simple and fast one is what Google is betting on to steer developers towards its platform, and Bouncer sounds like the perfect way to keep that intact.
Via | The Next Web