Researchers Exploit Google Bouncer, Drop Malicious Apps in Google Play Store

rated by 0 users
This post has 2 Replies | 0 Followers

Top 10 Contributor
Posts 26,182
Points 1,185,970
Joined: Sep 2007
News Posted: Tue, Jun 5 2012 3:36 PM
Google’s Bouncer just made sense; unlike Apple’s heavily curated walled-garden app store, Google Play is a target for malicious (and/or downright crappy) apps, so having Bouncer in place to scan submitted apps for malicious software to protect Google Play customers was necessary.

Google kept Bouncer’s intimate details under wraps to keep it from being hacked or exploited, but like death and taxes, someone was bound to find a way to sneak something nasty past Google’s door man.

Image credit: Android Police

Fortunately, the successful parties turned out to be Charlie Miller and Jon Oberheide, a pair of researchers who will be presenting at the SummerCon conference soon.

How’d they do it? Have a look-see at the video below.

Unfortunately, this means that Bouncer can be avoided, so the Google Play store isn’t as secure as we all thought. Google would be wise to jump on this post haste and solve the vulnerability Miller and Oberheide found; indeed, Oberheide’s blog post noted that he and Miller are already working with the Android security team to solve the problems they found.
  • | Post Points: 35
Top 200 Contributor
Posts 385
Points 3,845
Joined: Jun 2011

Strangely enough, I've found that Microsoft Security Essentials can find some malware in some APK files also. Makes you wonder what Microsoft is up to.

  • | Post Points: 5
Top 50 Contributor
Posts 2,865
Points 29,645
Joined: Mar 2011
Location: United States, Connecticut

Awesome! the play market definitely needs a "bouncer" hopefully these researchers get a bounty for helping out Google.

  • | Post Points: 5
Page 1 of 1 (3 items) | RSS