x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • Android 4.2 spreads security to third-party app stores: here is how

Android 4.2 spreads security to third-party app stores: here is how

Posted: , by Victor H.

Tags :

Android 4.2 spreads security to third-party app stores: here is how
A few days ago, we started talking about security and malware on Android. Or rather the lack of malware on Google Play. We mentioned Android’s sandboxing model that bars apps from damaging the core OS, and made it clear that as of Android 4.1 Jelly Bean the main threat for Android users comes from their own actions, not the app market.

If a user downloads apps from third-party app stores, however, he faces two possible threats: rogue/spyware applications and premium SMS apps.

Android 4.2 however effectively deals with those two last threats as well, and now we know how.

Bouncer, Google Play's security system in a nutshell

To understand the mechanism, we have to take a look back at February 2012 when Google introduced the Bouncer system that continuously scans and analyzes every single app submitted on the Play Store, and goes to such great lengths as to actually run every app on a cloud simulator to check its actual behavior. The end result is that Google Play - contrary to the paranoia some software vendors try to spread - has become a very clean place.

A little disclaimer to be perfectly exact: it is not impossible to circumvent the Bouncer system as it runs a virtual environment and that could be detected, but it is extremely hard to crack it. And given the consequences for the developer account that does, it is hard to imagine Android security cracked.

Now, Bouncer is pretty much a sealed box for the public. Reverse-engineering it, though, has revealed that what it does is effectively detect the most common threats from spyware and premiums SMS apps. If an app tries to steal your contacts, Bouncer detects it. If an app tries to send a message to a premium number, Bouncer detects it. If an app, steals your photos? You guessed it right, Bouncer detects it.

Android 4.2 brings Bouncer to sideloaded apps

Android 4.2 spreads security to third-party app stores: here is how
The big news with Android 4.2 is that it now includes a service based on Bouncer that works with all apps, not just those on Google Play. For example, it can check apps you download on the Amazon Appstore. Or an anonymous Chinese app catalog. 

Whenever you try to ‘sideload’ an app (install it from a different source than the official market, that is), the system will kick in and instantaneously run that same very detailed check on Google’s servers. Speed here is important, and in Android's case, you won't even notice the check.

"The server does all the hard work," Android VP of Engineering Hiroshi Lockheimer explained. "The device sends only a signature of the APK so that the server can identify it rapidly."

The new service is not mandatory in a typical open Google fashion. The first time you try to sideload an app on your Android 4.2 device, a pop-up will appear asking you whether you want to verify apps. Best of all, when an app raises some red flags with its behavior, but can’t be definitely written off as malware, you get to choose whether to install it or not AFTER reviewing what it has access to. This way, even if you are paranoid about security, you still would not need to read every single time the components an app has permissions to access.

And even the permissions screen has been tweaked adding illustrative icons, so you can take a quick glance instead of reading it.

This is definitely another huge step for Android security and reiterates Google’s commitment to openness. Instead of leaving its app protection system for the Play Store only, the company spreads it to sideloaded apps and thus makes third-party app catalogs more secure. We can only applaud Google for that.

source: Computer World

App permissions on Android 4.1 (left) and 4.2 (right)

App permissions on Android 4.1 (left) and 4.2 (right)

  • Options

posted on 02 Nov 2012, 04:47 14

1. Marule (Posts: 3; Member since: 02 Nov 2012)

Nice Work

posted on 02 Nov 2012, 04:56 3

2. Mr.Mr.Upgrade (Posts: 474; Member since: 30 Aug 2011)

Now they need to fix the updates

posted on 02 Nov 2012, 05:17 11

3. Victor.H (Posts: 785; Member since: 27 May 2011)

They are pretty much doing exactly that with the Nexus 4. The fact that it does not have LTE means Google was ready to make a huge sales compromise (obviously, you won't be able to get it subsidized on Verizon and AT&T) to make sure users get the best experience with updates. Now, let's hope this Nexus 4 gets the traction it needs to teach carriers a lesson about updates.

posted on 02 Nov 2012, 05:48 1

7. Aeires (unregistered)

If they treat it like Chrome and the N7, it should. It's great to see Google advertisements, they should continue that trend with the N4 and N10. Not only that, this is the most powerful Nexus yet so it's looking good for Google getting more established in circumventing carrier BS.

posted on 02 Nov 2012, 06:29 3

12. jan25 (Posts: 470; Member since: 26 Feb 2012)

i don't think they are doing a sales compromise. i am willing to bet this Nexus will do even better than many of it's predecessors mainly because of its price. many people don't care about LTE and 16 GB are plenty enough for the average user. the Nexus 7 is a great example of that. hopefully one day those carriers will surrender to Google's demand (instant updates and lack of bloatware) if they find the Nexus to be a great success.

posted on 02 Nov 2012, 07:53

13. protozeloz (Posts: 5396; Member since: 16 Sep 2010)


posted on 02 Nov 2012, 05:23 1

4. SuperMaoriBro (Posts: 533; Member since: 23 Jun 2012)

I frappin love googles openess to do this sort of thing conpared to the closed almost arrogant feel of some other oses out there

posted on 02 Nov 2012, 05:42 6

5. TylerGrunter (Posts: 1543; Member since: 16 Feb 2012)

Superb, I'm liking your articles more and more Victor. Well written and very informative.
This feature help me some as I have two other app shops in my Android.

posted on 02 Nov 2012, 06:20

10. Victor.H (Posts: 785; Member since: 27 May 2011)


posted on 02 Nov 2012, 07:56 1

14. Ohrules (Posts: 327; Member since: 11 Jun 2012)

could you please consider comment no 9 on this article?

posted on 02 Nov 2012, 05:42 5

6. someones4 (Posts: 625; Member since: 16 Sep 2012)

it's official. Google is the best!!
Instead of barring users from sideloading apps, Google attempts to protect users from various threats regardless. A really good move.

posted on 02 Nov 2012, 05:50 3

8. Aeires (unregistered)

Awesome news, I see a lot of glass houses crashing down after some crowds read this. More people need to know about this so the FUD can stop.

posted on 02 Nov 2012, 06:13 12

9. itsjustJOH (Posts: 232; Member since: 18 Oct 2012)

Dear Phone Arena,

You guys should make an article explaining these components that apps try to access. Example, what does it mean when an app can modify and delete the contents of my USB storage? Does it only modify and/or delete the files that it create (i.e. those files that it needs to run) or does it also modify my personal files? Does it do this with my permission?

It'll be good if you could make one.

posted on 02 Nov 2012, 08:16 8

15. Victor.H (Posts: 785; Member since: 27 May 2011)

Thanks for the suggestion. It's a great idea, we'll try to make it happen.

posted on 02 Nov 2012, 06:28

11. pikapowerize (banned) (Posts: 1869; Member since: 03 May 2012)

maybe google is trying to do licensing now?

posted on 02 Nov 2012, 11:09

16. parkwaydr (Posts: 572; Member since: 07 Sep 2011)

Android to malware:
Respect my athoritaaa!!!!!

posted on 02 Nov 2012, 13:24 3

17. GeekMovement (unregistered)

Android is just getting better and better.

posted on 02 Nov 2012, 19:26 2

18. parkwaydr (Posts: 572; Member since: 07 Sep 2011)

yes it is, and im loving every minute of it.

Want to comment? Please login or register.

Latest stories