Bouncer is the cloud based Google service which helps users avoid malicious apps people upload. Only problem is some folks have found a ways around Bouncer. Hit the jump for details about the malware threat.

ShottaDru X TatWza


Mobile security experts say they’ve devised multiple ways to bypass the cloud-based service Google uses to keep its online market free of malicious Android apps.

By exploiting the weaknesses in Google’s Bouncer service, researchers Jon Oberheide and Charlie Miller say it’s possible to sneak malicious apps into Google Play. In a video demonstration, they show how one of their techniques gives them a remote connection to an emulated Android device hosted by Bouncer. By feeding it commands to display files and reveal system attributes, the researchers were able to divulge information about the way the system works.

“So this is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device,” Oberheide said in the video. It was released on Monday, ahead of a presentation he and Miller are scheduled to give later this week at the SummerCon conference in New York City.

Google unveiled Bouncer in February. The scanner automatically checks each title in the Google app bazaar to make sure it doesn’t match signatures of known malware. Within weeks of Bouncer’s debut, hackers claimed to find reliable ways to circumvent its protection and sneak a malicious app called Sexy Girl into the official Google market.

“While Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we’re confident that Google will continue to improve and evolve its capabilities,” Oberheide wrote in a short blog post. “We’ve been in touch with the Android security team and will be working with them to address some of the problems we’ve discovered.”

Ars Technica