Android 4.2 Will Auto-Scan Apps for Security

Android 4.2 JellybeanOf course all apps should undergo some good mobile app testing, but if you’re focusing on Android app testing, you’ll want to pay special attention to security testing. The next version of the Android platform – version 4.2 – will have a special feature that automatically scans app and flags malicious or suspicious downloads, even if they’re not from Google Play. Here are the details from Fox News:

The app scanner, which was hinted at last month, is a thin client of the Google Play store’s Bouncer software, which scans every app uploaded to the official Android app store.

If you choose to “sideload” an app from elsewhere directly to your device, Android 4.2 will prompt you to “verify” it. …

If Google’s app scanner flags the app as dangerous, installation will be blocked. If the app is questionable, the user will be warned, but allowed to proceed.

The scanner will also warn users if they’re about to send a premium SMS message, which is a common attack method and a major issue for users particularly in Russia and China. Malicious copycat apps in third party stores send unauthorized premium messages from a user’s phone and the user is stuck footing the bill.

Criminals in the former Soviet Union make easy money by setting up fly-by-night premium-SMS services, then flooding off-road app stores with corrupted clones of legitimate apps such as “Angry Birds.”

The pirated apps contain malware that silently sends and receives premium text messages, which are immediately billed to the unsuspecting user.

Now, if a number is recognized as belonging to a premium-SMS service, Android 4.2 can block the SMS transmission before it goes through.

Read the full article at Fox News >>>

While the scanner will likely pick up intentionally malicious apps for the most part, it’s not out of the realm of possibility that a legitimate app with poor security could be compromised and subsequently flagged. Remember, when a user sees a problem, they are going to blame the developer – no matter where the malicious code came from. All it takes is one review telling potential users that your app is malicious to sink the entire product. So before you launch your app, make sure there aren’t any vulnerabilities. Security test your app, especially if it’s for Android.

Leave a Reply

Your email address will not be published. Required fields are marked *