“Google has added an automated scanning process that is designed to keep malicious apps out of the Android Market, the company announced today. The new service, code-named ‘Bouncer’, scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. Every app is then run on Google’s cloud infrastructure to simulate how the software would operate on an Android device, he said. Existing apps are continuously analyzed, too.”
About frickin time!! Hope it actually does the job of keeping scum out, unlike real life bouncers.
Not sure how much confidence an automatized process like this inspires, but I guess it’s a start. Would be better if they had some sort of stability/compatibility check in place as well. As it is, the current application stability in the Marketplace makes even the most unstable of rolling Linux distro repositories seem like a picnic basket.
Best scenario would be Google paying OpenBSD devs to individually scrutinize every single app. Neurotic mofoes, that lot, but highly competent.
Edited 2012-02-03 01:15 UTC
That’s not strictly what they’re for, AND the inside environments of many venues (stuffy, crowded, not-quite-comfortable in general, boring, many male strangers, too loud, alcohol, drugs, and so on …which includes “over-eager” bouncers themselves) favor emergence of aggressiveness and such.
Took long enough… Better than nothing…
Being responsible for Code Quality Assurance at work, I can tell you that anything requiring human assessment for this is:
a) Unrealistic (without the application source code).
b) Non-scalable.
c) Subject to subjective criteria and manipulation, and thus criticism (see the problems with the Apple App Store).
I think their approach (automatic scanning for raising red flags with human inspection for confirmation) is the only one that’s possible, unless you are prepared to give up on openness.
Disclaimer: Part of my work is implementing automatic criteria for code quality. Computer-calculated metrics aren’t perfect, but help things improve over time (instead of degrading), and are the only thing that can be realistically deployed without impacting too much on developer turnaround due to an excess of bureaucracy…
It eats 100% of Apple's margin on the App Store, but I guess it is what they want. So it is humanly possible, just very expensive.
What a load of crap! I can’t believe Google is only _now_ doing this…
Bouncer has been in use for some time. They only announced it now.
I wish they would also improve the segmentation on the permissions…
I recently looked at incoming call blockers and every one I could find required dialing *out* permissions. I found no way to tell if they were all scammers or the permissions are so broad that it was inevitable for the authors to request such “user-risky” access.
Maybe it is just unclear in the market interface, but who knows?…
This is good news anyway, no one needs smartphones becoming our new security nightmare, at least don't let it stay as easy as taking candy from a baby.
Up until the “Bouncer” is found to be ineffective, this is good marketing for users’ peace of mind.