Today Google unveiled a new tool to fight malware in the Android Market, appropriately named Bouncer. Hiroshi Lockheimer, VP of Engineering for Android, made the announcement on the Google Mobile blog, and it seems to address most concerns users have with the "free and open" style of app market, all done server-side.
Bouncer is a service that runs on the Market's computers and scans each and every app for known malware, spyware, and trojans. It also looks in the code to see if the app has the potential to "misbehave", and compares it against other previously analyzed apps to spot any red flags. New developer accounts are also analyzed to make sure they're not a previous offender with a new name. Google says they actually run every application in the cloud to simulate how it acts on our Android devices.
This service has been running for some time already. Despite the claims across the Internet that malicious applications are on the rise, Google says the number of bad apps in the Market has decreased 40 percent between the first half of 2011 and the second half. According to Google, the most important measurement is whether or not malicious apps are being installed, and they know that "rate is declining significantly". This is in sharp contrast to recent claims by Symantec and others that malicious Android applications are on the rise.
They also take a bit of time to explain how Android was designed from the beginning to make malware less disruptive. Learning from the way malware can cause havoc in the PC model, Google has incorporated sandboxing, a permission system that's readily available for the end-user to see, and the ability to remotely remove malicious applications.
No system is perfect. Even very closed application market models have malware slip in once in a while. It's nice to see Google is doing what they can to keep us all safer.
Source: Google Mobile blog