Research Find 'At Least 20' Ways To Bypass Google's Bouncer

Google's automated service for spotting malicious Android apps can be bypassed, they say
Two well-known smartphone security researchers said they've found multiple techniques for bypassing Bouncer, the automated system Google uses to keep malicious applications out of Google Play, its official Android application store (formerly dubbed Android Market).

The researchers--Jon Oberheide, CTO of DUO Security, and Charlie Miller, principal research consultant at Accuvant Labs--plan to present their research at Summercon this Friday. The pair said they've shared full details in advance with Google.

Android is now the most-used smartphone operating system, on track to command 61% of the global smartphone market this year, according to IDC.

After a flurry of news reports highlighted a marked increase in Android malware volumes, Google earlier this year responded by disclosing the existence of Bouncer. According to Google, between the first and second half of 2011 Bouncer reduced by 40% the number of malicious applications downloaded by users of the Android application marketplace.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.