Pages

Thursday, 30 August 2012

Android Market 啟動「Bouncer」惡意程式掃描服務


知名手機防護軟體公司表示 Android Market 上的惡意程式數量狂飆,再加上出現帶有病毒的假 Google+ App,弄得 Android使用者人心惶惶,不過根據 Google 的官方統計,2011下半年的惡意程式下載數比上半年減少了40%,可見這其中大有來頭。

今天 Google 正式揭示一項名為「Bouncer」的新服務,這項服務會在 Android Market 上背景運作,掃描 Android Market 上的惡意程式,同時這項服務也被應用在開發者帳號中,未來當新的App被上傳時,「Bouncer」會立即對App進行分析,避免惡意程式、間諜程式或木馬入侵 Android Market 。除此之外還會針對 Android Market 上的每個App進行模擬測試,找出惡意程式在 Android 裝置上的運作方式,以便抓出更多潛藏在 Android Market 中的惡意程式。

對於發佈App的方式而言,Google 依然維持不直接對 App 逐步審核的方式,打算用生力軍「Bouncer」進行全面掌控(當然,主動回報機制還會持續運作),但是惡意程式開發者可別以為被抓到再申請一個帳號就好,Google 將會主動分析新的開發者帳戶,避免惡意程式開發者重新進入 Android Market 危害其他使用者。

延伸閱讀:

Android and Security


By Hiroshi Lockheimer, VP of Engineering, Android

The last year has been a phenomenal one for the Android ecosystem. Device activations grew 250% year-on-year, and the total number of app downloads from Android Market topped 11 billion. As the platform continues to grow, we’re focused on bringing you the best new features and innovations - including in security.

Adding a new layer to Android security
Today we’re revealing a service we’ve developed, codenamed Bouncer, which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.

The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.

Android malware downloads are decreasing
The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market. This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise. While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market - and we know the rate is declining significantly.

Android makes malware less potent
In addition to using new services to help prevent malware, we designed Android from the beginning to make mobile malware less disruptive. In the PC model, malware has more potential to misuse your information. We learned from this approach, designing Android for Internet-connected devices. Some of Android’s core security features are:
  • Sandboxing: The Android platform uses a technique called “sandboxing” to put virtual walls between applications and other software on the device. So, if you download a malicious application, it can't access data on other parts of your phone and its potential harm is drastically limited.
  • Permissions: Android provides a permission system to help you understand the capabilities of the apps you install, and manage your own preferences. That way, if you see a game unnecessarily requests permission to send SMS, for example, you don’t need to install it.
  • Malware removal: Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required.
No security approach is foolproof, and added scrutiny can often lead to important improvements. Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe.