Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Monday, November 2, 2015

Android Tightens Its Security System

                       Everyone knows that Android is fragmented.Everyone also knows that Android is a bit low on security.Also there is is no antimalware software in the Google Play Store.

Surely the danger of virus infecting your phone is also partly due to you.If a user downloads apps from third-party app stores, however, he faces two possible threats: rogue/spyware applications and premium SMS apps.

Android 4.2 however effectively deals with those two last threats as well, and here is how.

Bouncer, Google Play's security system


To properly understand the process, we need to go back at February 2015 when Google introduced the Bouncer system that continuously scans and analyzes every single app submitted on the Play Store, and goes to such great lengths as to actually run every app on a cloud simulator to check its actual behavior. The result is that Google Play has become a very safe & secure place.

A little disclaimer to be perfectly exact: it is not impossible to circumvent the Bouncer system as it runs a virtual environment and that could be detected, but it is extremely hard to crack it. And given the consequences for the developer account that does, it is hard to imagine Android security cracked.

Now, Bouncer is almost sealed to the public. Reverse-engineering it, though, has revealed that what it does is effectively detect the most common threats from spyware and premiums SMS apps. If an app tries to steal your contacts, Bouncer detects it. If an app tries to send a message to a premium number, Bouncer detects it. If an app, steals your photos? You guessed it right, Bouncer detects it.


Android 4.2 brings Bouncer to sideloaded apps


The big news with Android 4.2 is that it now includes a service based on Bouncer that works with all apps, not just those on Google Play. For example, it can check apps you download on the Amazon Appstore. Or an anonymous Chinese app catalog.

Whenever you try to ‘sideload’ an app (install it from a different source than the official market, that is), the system will kick in and instantaneously run that same very detailed check on Google’s servers. Speed here is important, and in Android's case, you won't even notice the check.

"The server does all the hard work," Android VP of Engineering Hiroshi Lockheimer explained. "The device sends only a signature of the APK so that the server can identify it rapidly."

                         The new service is not mandatory though. The first time you try to sideload an app on your Android 4.2 device, a pop-up will appear asking you whether you want to verify apps. Best of all, when an app raises some red flags with its behavior, but can’t be definitely written off as malware, you get to choose whether to install it or not afer reviewing what it has access to. And even the permissions screen has been tweaked adding illustrative icons, so you can take a quick glance instead of reading it.
Android 4.2 spreads security to third-party app stores: here is how
               This is definitely another huge step for Android security . Instead of leaving its app protection system for the Play Store only, the company spreads it to sideloaded apps and thus makes third-party app catalogs more secure.
App permissions on Android 4.1 (left) and 4.2 (right)
App permissions on Android 4.1 (left) and 4.2 (right)

Thursday, October 15, 2015

Google Working On A Virus Scanner For Future Google Play Update

Android could get a virus scanner in future Google Play store update

Android’s Google Play seems to be on its way to get a built-in malware scanner. Found in the string file in one of the latest Google Play updates is evidence that Google is indeed working on a built-in application to detect viruses on Android, and that is something that will finally calm down a lot of people about the safety of the ecosystem.

The software in question is referred to as “App Check,” and by the looks of it, it is exactly there to detect malware. Judging from all the visible evidence (there is nothing official about it yet), the App Check will first scan pre-installed applications to see whether you haven’t already somehow gotten malware on your device.

Secondly, it will of course monitor new installations and warn you if they contain malware.

You can say it’s a malware scanner in the making not just by the name, but also by the accompanying icons with a shield and exclamation marks on triangles. The results of a scan will be “All-good” and “Oh no!”

That’s all great, but let’s underscore the fact that this “App Check” is not yet functional. It probably will arrive in future versions of Android, when it is expected to function along with Google’s “Bouncer” online service.