Researchers bypass Google's Android Bouncer
Posted on 05 June 2012.
First introduced to the public in February this year, Google's Bouncer was welcomed as a great addition that aimed to make Google Play more secure for Android users.


Unlike Apple, Google doesn't have a vetting process in place that would keep malicious apps from being accepted on the official Android marketplace - the company decided to opt for the Bouncer, an automated app scanning service that analyzes apps by running them on Google’s cloud infrastructure and simulating how they will run on an Android device.

In an attempt to prevent malicious app developers from finding out ways to bypass it, Google shared no more details about how Bouncer operates. But security through obscurity is not a good tactic in this case, and it was only a matter of time until someone managed to evade the roadblocks.

As a way of announcing their upcoming talk at the SummerCon conference, researcher Jon Oberheide has shown how he and Charlie Miller succeeded in discovering just what kind of virtual environment Bouncer uses and how it might be vulnerable.

The two researchers started by making fake Google accounts and submitting various apps to Google Play.

Once an app that was able to contact a server controlled by the researchers was picked up for analysis and run in the Bouncer environment, they were able to obtain a remote Linux command-line shell on the system and to poke around for clues by making the app perform commands they sent to it.

That's how they discovered that Bouncer used the QEMU processor emulator, and that all requests coming from Google came from a specific IP block.

Among other things they also discovered that malicious individuals could freely upload apps to Google Play without using a valid credit card or account, making it easy for them to test their malicious wares without having them traced back to them or "burning" a stolen credit card.

Google has been made aware of all this, and it's engineers are likely working of ways to improve the Bouncer.

"It'll never be perfect, but hopefully they'll sweep up a lot of the crap malware with it," Oberheide commented for ThreatPost. "But malware authors share code widely and collaborate, so I wouldn't be surprised if they have a library soon to help bypass Bouncer that you'll see in a bunch of malicious apps."






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //