Security researchers at Trustwave say that they have found a hole in Google’s Bouncer malware detection system for its Android app store.
Trustwave claims it was able to submit a benign Android app to the Google Play store but then gradually update it to introduce malicious functionality without triggering Bouncer’s malware alert.
The researchers used an app called SMS Blocker, which was a legit and fully functioning app when it was first submitted.
Trustwave then wanted to check if the Bouncer system could find something which was already on Google Play that had, in effect, turned bad.
The researchers updated SMS Blocker 11 times with code unrelated to its main functions that could instead have allowed it to delve into a phone’s logs, contacts and photos without a user’s permission or even launch malicious websites.
The code sneaked through mainly because Trustwave used a special “cloaking” technique, but it’s the kind of approach that actual malware creators could use.
When the researchers dropped their cloaking technology in a further update, Bouncer is said to have finally detected the nefarious code and chucked it out of the Google Play store.
Trustwave’s researchers are presenting their findings at the Black Hat and Defcon security conferences in Las Vegas this week. Security specialists often try to pick holes in systems as a proof-of-concept and to highlight the issue to the companies whose products are potentially at risk.
CNET reports that the Trustwave team has contacted Google and will be meeting with Android researchers at the Las Vegas security conferences to discuss the issue. It’s certainly one way to get yourself noticed.