Google is taking steps to better police its Android Market for malware masquerading as legitimate applications. The company unveiled a service called Bouncer this week that analyzes new apps as they are submitted by developers to determine if they contain malicious code. It also scours existing apps and checks back on developer accounts to prevent repeat offenders from accessing the market. Google has asserted that the use of Bouncer during 2011 led to a 40% drop in possibly malicious downloads from its app market.
The announcement followed a controversial report from Symantec last week in which the security software specialist identified a Trojan called Android.Counterclank that it said could steal data and enable unwanted remote control of infected mobile devices. Clearly not everyone agrees on what constitutes malware, since Google refused to remove the allegedly infected games and entertainment apps on the grounds that they did not violate their terms of service.
Symantec revised its assessment a few days later, acknowledging that the code in question, while arguably aggressive, is included mainly to enable developers to more easily make money with their tracking software. In other words, Android.Counterclank is spyware that sends information such as a phone’s make and model, screen size, and language back to developers; the code can also reset a browser’s homepage and create unwanted bookmarks and shortcuts that direct back to the developer’s website.
This is a privacy issue that is all too familiar in the PC realm, but one that hasn’t gotten as much traction yet in the booming mobile Web space. Desktop security software leaders like Symantec and smaller firms such as SUPERAntiSpyware.com trade on their ability to help customers identify and remove PC threats and annoyances. (PC Web browsers also feature similar tools.) Such undesirables range from destructive and costly viruses to the relatively benign tracking cookies planted by advertisers to monitor consumer browsing patterns. With smartphones, however, the waters are muddied because many apps and games have similar tracking functions baked in, with no way for users to turn them off or even know they exist in some cases.
While most mobile device users will remain happy as long as they can connect with friends and kill some downtime playing games on their phones, it’s likely that we’ll see more dust ups around this issue as more people become aware that their mobile Web activities are being tracked, and app and mobile platform developers push the boundaries of what is an acceptable level of user information to collect and share.