Shared publicly  - 
 
Today we’re revealing a service we’ve developed to scan Android Market for potentially malicious software to help keep Android safe. Learn more about this added layer of Android security in the full blog post: http://goo.gl/YQ4tx
1046
315
Naeem Ally's profile photozhou jianhao's profile photoAlexis Delatolas's profile photoom jannah's profile photo
124 comments
 
Really some people are born to be evil, go get life who ever you are
 
Glad to hear you guys are taking charge of this malware issue.
 
This was long due, at least now you are doing something about it
 
excellnt. and this feature is very welcomed!
 
List all bad publishers too
 
This should silence some mouths.

:)
 
Very cool. A welcomed addition to the market.
 
neat " ...We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior..."
 
Good going. Although, I have a lot of apps installed but haven't been victim of malicious one.
 
Please remove any keylogging, some may "like" it but the harm trumps it all! Mahalo nui loa!
 
Hope this is true and add a lot of security to all the apps asking to access my call logs, my messages and every aspect of my phone...
 
So, is it not easily possible to work with carriers so that developers, who do not have credit cards, send their information (address/phone etc) through their carriers?
At least you should have a means of identifying those posting to the market, so that you can go after them.
 
How about expanding the program to test applications for abuse of:

1. Testing for network access
2. Background abuse (GTalk client does 1 & 2 in the scenario described in the appendix to this post)
3. Update abuse
4. Wake locks cycles through different scenarios

Appendix: Google Talk client abuse on my HTC Sensation 4G Stock

1. Turn on wireless
2. This is a wireless network with a webpage sign-on that specifically blocks google talk protocol
3. Log into network
4. Browser and all other apps have access to the internet except for google talk which keep trying to sign in.
5. Switch the screen off and watch Google Talk kill the battery keeping the phone in a wakelock state continuously trying to sign-in the background. It lacks the intelligence to adapt to a scenario where the network is blocking its protocol but allowing other traffic.
 
Actually, I kinda assumed that they were doing some sort of anti-malware scanning all along!

In any event, this is a great development, and if Google has to take further steps to make novice users both be and feel completely safe while using the Android Market then I hope they will.


We all know that the press and the anti-malware companies have been enormously exaggerating the dangers of malware in the Android Market, but concerns about security have affected Android's reputation and made some users and companies feel uncomfortable about Android.

Given the secure foundations of Android and the Market I think Google should be able to make it so that all Android users' who stick to the Market really are 100% safe - without compromising the openness of Android and its Market.

Android should be for everyone - even the most novice user should be made to feel comfortable using Android. With the flexibility and diversity of Android I believe it can be the right choice for the most basic and the most advanced users.
 
It would be good if this were able to be disabled. This feature has the potential to be abused by Google, and — after all — I am in control of my phone (or at least, should be).

If I want to trash/brick/burn my phone by running malware, that's my responsibility to do/not do, and ultimately my choice.

The primary problem is that people at large are stupid, and rely on others to make decisions for them. (I work in tech support, and rather imaginably, have by and large lost my faith in humanity.) By not making such decisions, you force them to assume the driver seat and take responsibility.
 
+Jeremy Visser This is service that runs on Google servers, scanning apps uploaded to the market, it has nothing to do with your device.
 
+Paulus Koshivi what +Jeremy Visser is saying is that by Pre Scanning apps the user becomes less aware of what we are doing. similar to the "Happy Meal" hey it's sold at McDonalds it's a happy place they won't do anything to harm me.... that type of mentality.

+Jeremy Visser is trying to make people aware of what they are putting into their tech by allowing people to "fall off the cliff"
 
can we also have the ability to deny applications specific permissions we don't want them to have? like our fine (GPS) position? and access to our address book and calendar?
 
+Dave Muller There's also apps like LBE Privacy Guard. doesn't mean it shouldn't be a part of the OS.
 
if anybody could answer this.. why on Android hulu or net flick work and some phones and why do they take long to get in the android market. And other apps as well!?
 
+Jimmy Ramirez Not all Android phones have draconian DRM built into them. If they don't, then content providers forbid their content to stream to them.
 
Android does provide a nice way to easily remove any app, unless the Malware was installed by the OEM. and I consider a lot of the OEM's app's Malware even if they do not steal your data.

Lenovo is installing a second music, gallery, market, and more that are set to default over the well default apps.
 
+Paulus Koshivi In the links provided in the summary, it appears that part of this process is remotely removing apps, which is what I was referring to. I have no problems with Google removing malicious apps from the Android Market.

I apologise for being unclear.
 
Sounds like a GREAT idea! Everyone is saying Apple is safer, which is the reason for those Apple "Fanboys" being against Android..
 
I am hopeful this service has enough intelligence to distinguish between an app that requires root and utilizes it effectively, versus an app that exploits it.
 
I'd love to see another market feature to increase the potency of permissions: make permission use affect search rankings.

e.g. If two apps would otherwise have the same ranking in the app store, but one requires more permissions than the other, then rank the one requiring more permissions lower than the one requiring fewer permissions.

For bonus credit, rank permissions by how often they are abused so they have differential weights. (I could even imagine allowing the user to have control over how much weight is given to different permissions, but I don't know how to make that user friendly.)
 
+Jeremy Visser if you use some other market then Googles, you wouldn't get Google removing your installed bad apps.
 
Good Job, protect us good Google, protect us good.
 
'bout darned time. Good on ya guys. Thanks
 
Long time coming if you ask me...
 
Nice! I'm glad to see that the solution is at least a little bit creative in that it doesn't require any action by the user.
 
where is ICS for AT&T nexus s Google, weve been waiting for wayy too long with no comment , you clearly do not care about your old nexus consumers
 
^Ya i might aswell seeing how google treats there consumers is ridiculous all they care about is new consumers, i have no problem with them delaying the update i understand stuff happens but the fact they say nothing and just keep missing deadlines is unnacceptable
 
yaaay ! no more fricken mess ups on my Android phone :)
 
Hope the scan is at the time of app or update upload and not post. You also need to make individual permissions customizable for all paid apps.
 
+Esa Edvik the one where they said they are rolling out ics to all GSM phone over the next month its been longer than a month and we know the update was stalled for a bit but google has said nothing and sill not released the att update and they are GSM
 
Finally there will be an end to all the fear mongering by the anti-virus apps..
 
Always improving things. Love the continued development of Android!
 
Thank you Android, thats really helpful
 
yeah, we don't want those outbreaks again. millions of android users infected, can't have that repeat.
 
bit late, when the whole ecosystem of android is already fucked and there are exploits everywhere, cause all the sense, motoblur and touchwiz fuck is still stuck on stoneage android. aosp all the way.
 
Waiting for the cloud system to pick up notification spam apps...
 
Cool.

However a way to install apps and then deny access to specific permissions would be very helpful too. This will need platform level changes to avoid crashes when apps are denied specific permission.

For instance, when specifically denied, an ad supported game, instead of crashing, could refuse to let past level 3 unless network and access to GPS / contacts / send international SMSs ;-) / whatever are enabled by the user.
 
This is great news. It'll go alongside the Trend Micro Android scanner perfectly!
 
And what is with Apps that push a download link into the status bar and bypass the market?`(4€ for a SMS Service...)
 
Hi! Why my words dessapears from user dictionary when I restar the phone? Android 2.2 Froyo. Tx
 
What about certification? Something like "Certified by Google", payable hundred dollars per application if developer choose the option on submission. If his application does not fullfil certification requirements he can patch it and send again. Add another tab in market for certified applications.
Most of mature developers will want to have certification so overall quality of applications will be better
Will F
 
Excellent.
 
Focus not just on safety, but android stability. Over reaching permissions for ads can bog down a lower end android device.
 
Securing the Android Market is a good idea. But it doesn’t eliminate the need for a security solution installed directly on the device. According to our stats, only 0.5% of known malicious apps were found on Google’s Android Market.
 
This is great news. Now I can finally thinking about downloading applications without having to think twice.
 
+Omair Aleem Apps can still do things that are not malicious according to Google's definition but that you might not want.
 
Why doesn't it eliminate the need for a security solution installed directly on the device? Is that because your marketing department says so? Good old Bitdefender. I remember the happy days when the PC keygen for Bitdefender used to give unlimited protection on the cheap. Then the licensing system changed and put and end to a nice little freebie. Still, it took 2 or 3 years for it to happen. Anyway I'm pretty sure Google will do a robust job of vetting their marketplace for malware as threatening as that may be to the business model of AV vendors like Bitdefender.
 
Warez? That's illegal. Right I'm calling the police. Wait there.
 
+Rick Kelsall Try searching for #Android here on g+ and you'll find plenty of links to "full versions" of apps.
 
When the ICS update releasing for Google Nexus s i9023 in india
 
Now I can't use my phone credit in order to pay any app! ...
Translate
 
Hopefully this will make those "anti-virus" companies shut up and stop with their BS fear campaign.
 
i want to know wether android support video calling without skype.
i,e. jst dailing the number and have a video call over 3g network without using skype is it possible?
reply ASAP
 
Finally an active approach to deal with malwares in Android Market
 
Мне уже в последнее время андроид разочаровывает особенно работа маркета. Купил приложение но не могу его скачать или же заплатил за приложение дважды и его нет в моих загрузках уделяю обновления маркета приложение есть в моих загрузках но не могу скачать.. И также не могу связаться со справкой к Google ((((((( ужасная работа маркета
Translate
 
Hum. Market still lets me tell my phone to install purchased apps that have since been removed from the market (and locks on "downloading" from the "My Apps" screen) on my Galaxy Nexus. I love Google, but Android Market has proven to be the most buggy app on any of the three android devices I regularly use, and the internet version took six months to update a basic issue, while my honeycomb tablet is still missing basic functions available to phones years ago. I thought Google was busy focusing priorities - did "market" get skipped over, or are there just so many versions out there that it's impossible to fix them all?
 
My market is still showing up as the older version. I have no idea why. and when I try to download stuff it usually just crashes a few times. I like Android, but I wish my carrier had the iPhone sometimes.....
 
hi every 1
I am having trouble with market
every time i would install or update an apps from market its give me an error 101
or closed
idont know whats problem
i tired to clear data & reboot - changed rom, but still error 101
ive nexus one & desire and both of theme having this error
THX
 
I would love to have Chrome for Android, but where is the update for ice cream sandwich for my Samsung Galaxy S??? Or Chrome for Gingerbread???
 
Thanks! Try to update the Straight Talk company Android Phone!
 
Google seem to have its head up his tush in Android's case. You can not get Nexus and you can not get ICS.....well, may be Apple is better after all.....
Jose A0
 
Only for ICS? pointless!
 
If you really want a clean android ecosystem the enthusiast community should stop making "one click" root tools and step by step instructions for people who lack the technical common sense to run this way.
 
it uses so much ram 50MB and runs in background as well...ANY BACKGROUND THAT RUNS IN THE BACKGROUND, IT LOSES IT'S CREDIBILITY FOR ME...
EVEN GOOGLE MAPS SHOULDN'T BE RUNNING ALL THE TIME, BUT IT DOES IN ANDROID PHONES!!! why google, why....if we need an app, WE'LL OPEN IT ourselves!!!!
Add a comment...