Mobile security researchers say they have identified flaws in Google's system to keep malware off Google Play.
Duo Security's Jon Oberheide and Charlie Miller say they exploited weaknesses in Google's Bouncer service to sneak malicious apps onto the Android Market. Oberheide demonstrated in a video presentation (see below) how he submitted a fake app and used a remote shell that the app gained access to when Bouncer attempted to analyze it.
<snip>
Unlike Apple, which vets every iPhone app before it hits the iTunes Marketplace, Google does not require pre-approval for Android apps. Instead, it screens the apps behind the scenes when developers upload them to the Android Market.
However, "while Bouncer may be unable to catch sophisticated malware from knowledgeable adversaries currently, we're confident that Google will continue to improve and evolve its capabilities," Oberheide wrote in a companion blog post. "We've been in touch with the Android security team and will be working with them to address some of the problems we've discovered."
CNET has contacted Google for comment and will update this report when we learn more.