Researchers Exploit Google Bouncer, Drop Malicious Apps in Google Play Store

Google’s Bouncer just made sense; unlike Apple’s heavily curated walled-garden app store, Google Play is a target for malicious (and/or downright crappy) apps, so having Bouncer in place to scan submitted apps for malicious software to protect Google Play customers was necessary.

Google kept Bouncer’s intimate details under wraps to keep it from being hacked or exploited, but like death and taxes, someone was bound to find a way to sneak something nasty past Google’s door man.

Image credit: Android Police

Fortunately, the successful parties turned out to be Charlie Miller and Jon Oberheide, a pair of researchers who will be presenting at the SummerCon conference soon.

How’d they do it? Have a look-see at the video below.

Unfortunately, this means that Bouncer can be avoided, so the Google Play store isn’t as secure as we all thought. Google would be wise to jump on this post haste and solve the vulnerability Miller and Oberheide found; indeed, Oberheide’s blog post noted that he and Miller are already working with the Android security team to solve the problems they found.