Who defends your mobile: robot or humans?

At the start of this month, Google sent a message to Android malware authors: No more Mr. Nice Guy. In a blog post, engineering vice president Hiroshi Lockheimer wrote that Google had been scanning Android Market apps "for a while now" with an automated routine called Bouncer. Lockheimer's post explained that Bouncer inspects apps for known malware and troubling behavior, in part by running them on simulated Android phones. It works, he said: "Between the first and second halves of 2011, we saw a 40 percent decrease in the number of potentially malicious downloads from Android Market." ANALYSIS: Chomp: An Easy Way to Search for Apps Since the prior defense on the Market had consisted of Google yanking rogue apps after users reported them, this was a major advance. But is it enough? On one level, you could say so. Symantec's database of threats only lists one recent case of Market malware (separate from apps hosted elsewhere, which you can't install on Android by default), an app that Lookout Mobile Security and others ruled was merely a pushy advertising operation. The latest report of Market malware from another security firm, Sophos, was a December warning about malicious games. Lookout representative Remi Harrad wrote Friday that "we haven’t found any more significant malware on the Android Market" since early February. But Chester Wisniewski, senior security advisor at Sophos, wrote that the major problem on the Market was "dodgy apps" that steal personal data -- and that Bouncer hadn't helped. Past studies of automated scrutiny of mobile apps suggest caution. A 2011 report (PDF) by researchers at the University of California at Berkeley found that the automated screening of Nokia's Ovi software store had apparently okayed five of 24 malicious apps. A 2008 paper (PDF) by IBM, Samsung and University of Michigan researchers suggested that well-crafted "behavioral detection" could identify malware "with more than 96 percent accuracy" -- not good enough to surrender judgment to the likes of Bouncer. Two security professionals suggested possible gaps in Google's scrutiny. Peter Szor, a researcher who joined McAfee Labs last spring, said some Android malware is "very device specific" -- targeting particular models -- and so might look safe in virtual-machine testing. He also noted that rogue applications could download malicious code after being installed. Chris Ensey, director of government relations for SafeNet, Inc., echoed that concern. He added that while security firms like his employ "virtual execution" techniques to check attachments and links sent to employees, that's easier work: Those items shouldn't run any code. Flagging a malicious application "requires far more advanced inspection tactics." BLOG: Undress Catalog Models with New App Meanwhile, you can and should consult the useful data Google provides about Market apps (including recent additions like "+1" recommendations for apps from Google Plus users) before downloading them. Don't install anything from outside the Market unless you know exactly what you're doing -- the latest attack Sophos reported was a download from a site listed on a Facebook profile Lookout representative Remi Harrad wrote Friday that "we haven’t found any more significant malware on the Android Market" since early February. But Chester Wisniewski, senior security advisor at Sophos, wrote that the major problem on the Market was "dodgy apps" that steal personal data -- and that Bouncer hadn't helped. Past studies of automated scrutiny of mobile apps suggest caution. A 2011 report (PDF) by researchers at the University of California at Berkeley found that the automated screening of Nokia's Ovi software store had apparently okayed five of 24 malicious apps. A 2008 paper (PDF) by IBM, Samsung and University of Michigan researchers suggested that well-crafted "behavioral detection" could identify malware "with more than 96 percent accuracy" -- not good enough to surrender judgment to the likes of Bouncer. Two security professionals suggested possible gaps in Google's scrutiny. Peter Szor, a researcher who joined McAfee Labs last spring, said some Android malware is "very device specific" -- targeting particular models -- and so might look safe in virtual-machine testing. He also noted that rogue applications could download malicious code after being installed. Chris Ensey, director of government relations for SafeNet, Inc., echoed that concern. He added that while security firms like his employ "virtual execution" techniques to check attachments and links sent to employees, that's easier work: Those items shouldn't run any code. Flagging a malicious application "requires far more advanced inspection tactics." BLOG: Undress Catalog Models with New App Meanwhile, you can and should consult the useful data Google provides about Market apps (including recent additions like "+1" recommendations for apps from Google Plus users) before downloading them. Don't install anything from outside the Market unless you know exactly what you're doing -- the latest attack Sophos reported was a download from a site listed on a Facebook profile