Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Researchers Find Methods for Bypassing Google's Bouncer Android Security (threatpost.com)

Trailrunner7 writes: Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term.

Oberheide and Miller, both well-known for their work on mobile security, went into their research without much detailed knowledge of how the Bouncer system works. Google has said little publicly about its capabilities, preferring not to give attackers any insights into the system's inner workings. So Oberheide and Miller looked at it as a challenge, an exercise to see how much they could deduce about Bouncer from the outside, and, as it turns out, the inside.

Oberheide and Miller set up some fake Google accounts and began submitting apps to Google Play, the new name for what was originally called the Android Market. They wanted to get a sense of the kind of environment that Google uses to analyze apps, see what weak spots the system may have and then look for methods to use them to bypass Bouncer entirely. One of the apps that they submitted contained some functionality that called out to a server that the researchers controlled once it was in the Bouncer environment. The app gave them a remote shell on the system and the ability to issue commands and see what was happening as Bouncer was analyzing the app.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Researchers Find Methods for Bypassing Google's Bouncer Android Security

Comments Filter:

A university faculty is 500 egotists with a common parking problem.