Google puts malware scanner in Google Play pipeline

Oct 16, 2012 by Nancy Owano weblog

(Phys.org)—A new version of the Google Play app store will enable scanning users' smartphones for malware, according to Android Police. The site's report, headlined "A Built-In Malware Scanner," said, "Yes, it's hard to believe, but Google is working on a malware scanner for the Play Store. The string file doesn't lie." The heads-up item said that there are two malware-fighting parts in the Google pipeline:"App Check" will allow Google to check out each application that has already been downloaded, while an application blocker will deliver a warning of any application that looks suspicious. Also according to Android Police, there will be a "shut up and download it" button for people who want to proceed anyway.

Presently, Google says on its "Security on Android" page that Google Play has a rating and review system that allows you to discover more about the app before you install it. Any app that might mislead the user probably has a low star rating and poor comments. Google says users can even flag apps for review if they see something that makes them think it is suspicious."We remove those applications that violate our policies."

In response to the Android Police news, Sophos said it viewed the Google Play code. Graham Cluley, consultant at Sophos, said on Naked Security that Sophos examined the new code in Google Play, suggesting Google's intent to build a framework for -scanning, in the future. He said functionality will not be available "until at least level 17 (which will be supported in the version of the Android after Android 4.1 ()." The functionality may also make use of the Google Safe Browsing API.

Google Play is a rebranded and expanded "Android Market," the formerly named e-store for buying and downloading mobile apps. The promotional description for Google Play reveals the breadth of exposure to media products: "On Play you can choose from over 675,000 apps and games, browse the world's largest eBookstore, discover millions of songs, watch the latest and greatest movies and TV shows, and even flip through your favorite magazines."

While mobile devices are rich in choices, they also carry risks for as stats indicate. Malware on mobile devices is alive and thriving. The FBI's Internet Crime Complaint Center (IC3), for example, issued a warning this month about increasing levels of malware targeting Android phones.

The IC3 mentioned two such malware threats, Loozfon and FinFisher. Loozfon lures its victims through invitations for work opportunities or for viewing porn and then proceeds to steal information. The FBI said it is mainly targeted at Japan. FinFisher is capable of taking over the mobile device. Victims are lured through web links or bogus text messages pretending to be system updates. When installed the mobile device can be remotely controlled and monitored.

Interestingly, some tech bloggers as well as forum contributors appear to treat the FBI warning , not holes in Android, with derision. Their reactions can be briefly summed up as follows. "So I have to click on a strange email and then follow an unknown link?" "So I have to click through the warning about malware?" "Give us a break." "If you're that dumb, blame yourself."

Nonetheless, said another group, one cannot underestimate people who are naïve. The FBI, meanwhile, wrote up an advice list for avoiding malware, including this: "If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device."

They also recommended checking out all defaults that come with a new smartphone. "Turn off features of the device not needed to minimize the attack surface of the device."

They also reiterated the obvious: "Use the same precautions on your mobile phone as you would on your computer when using the Internet."

Explore further: Download woes and HealthKit flaw bite iPhone software

More information: www.androidpolice.com/2012/10/… theres-more-wish-lis

Related Stories

Android users get malware with their apps

Mar 02, 2011

(PhysOrg.com) -- As new platforms make their way into the market there will always someone who is looking to exploit them for illegal or unethical ends. More proof of that fact has come today when Google was ...

Staggering surge in Android gadget viruses: Juniper

Nov 16, 2011

The arsenal of malicious code aimed at Android-powered gadgets has grown exponentially, with criminals hiding viruses in applications people download to devices, according to Juniper Networks.

Android mug shots have no lock and key

Mar 04, 2012

(PhysOrg.com) -- If Google loyalists will persist that this Internet Goliath can do no evil, they at least need to admit, based on new evidence this week, that Google can do a lot of mindless harm. A security ...

Recommended for you

Where's the app for an earthquake warning?

8 hours ago

Among the many things the Bay Area learned from the recent shaker near Napa is that the University of California, Berkeley's earthquake warning system does indeed work for the handful of people who receive its messages, but ...

Hit 'Just Dance' game goes mobile Sept. 25

Sep 18, 2014

Smartphone lovers will get to show off moves almost anywhere with the Sept. 25 release of a free "Just Dance Now" game tuned for mobile Internet lifestyles.

Indie game developers sprouting at Tokyo Game Show

Sep 18, 2014

Nestled among the industry giants at the Tokyo Game Show Thursday are a growing number of small and independent games developers from Asia and Europe, all hoping they are sitting on the next Minecraft.

Review: Ambitious 'Destiny' lacks imagination

Sep 18, 2014

Midway through "Destiny," the new science fiction epic from "Halo" creators Bungie, a smug prince is musing on the hero's desire to visit a mysterious site on Mars.

User comments : 0