Malware researchers bypass Android market's Bouncer system

Bouncer, the anti-malware mechanism of Google's market for Android apps, may not be as tough as it sounds after all.

 

Security researchers Jon Oberheide and Charles Miller showed this week how Bouncer can be bypassed to slip malicious apps into the Android Market.

 

"While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities. We’ve been in touch with the Android security team and will be working with them to address some of the problems we’ve discovered," Oberheide said.

 

Android’s Bouncer is a system Google recently put in place to prevent malicious apps from getting into the Android Market.

 

Oberheide said he and Miller submitted an application to the Android Market and get a connect-back shell on the Bouncer instance when it tried to analyze the app.

 

But upon receiving a callback, they got a remote interactive shell running on an emulated Android device hosted by Bouncer.

 

With this, he said they can poke around the system to look for interesting attributes of the Bouncer environment such as the version of the kernel it is running, the contents of the filesystem, or information about some of the devices emulated by the Bouncer environment.

 

"So this is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device," he said. — TJD, GMA News