Lady Gaga Saves Android Users From Malicious Malware

Google's automated Android security system Bouncer, which is used for detecting malicious apps, can be easily bypassed claim two researchers.

Charlie Miller, principal research consultant at Accuvant Labs and Jon Oberheide, CTO of DUO Security, claim to have found multiple ways to bypass the software known as Bouncer.

The automated system scans Android apps submitted to the Google Play store before they are made available to the public to make sure they do not contain any malicious code.

Miller and Oberheide claim that it is possible to tell if an app has been downloaded and is being run on an actual Android device, such as a smartphone or tablet, or if it has been activated in Bouncer's virtual testing environment.

If apps hide their malicious tricks - whether that be sending premium rate text messages or searching for sensitive data in a user's address book - while Bouncer is running then the security software will not exclude them from Google Play.

The researchers discovered that Google used a single Gmail account to test apps, to see if they would try and access that account and steal any of its contents.

The Miles.Karlson@gmail.com account only contained a single image of Lady Gaga and a photo of a cat, and the only address in its list of contacts was Michelle.k.levin@gmail.com.

In a YouTube video the two security experts showed that they could use this information to tell when one of their apps uploaded to the Google Play store was being tested.

Not only could Bouncer be bypassed using this method, the men were also able to access the security software's virtual environment and learn more about it.

Graham Cluley, senior technology consultant at Sophos, said the concept of malware using smart tricks to determine when it is being analysed or examined is not a new one.

"For instance, there has been much Windows malware over the years which has incorporated anti-sandboxing, virtual machine detection and anti-debugging tricks to make analysis more difficult," Cluley said.

"There seems little doubt that we will see criminals using similar tricks when attempting to get their malware into the Google Play marketplace in the future. As ever, the battle continues with one side trying to get an advantage over the other."

Miller and Oberheide shared their findings with Google so the company could correct the problem, before presenting the information at a New York security conference.