Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Google Android Security IT Technology

Researchers Beat Google's Bouncer 44

An anonymous reader writes "When earlier this year Google introduced Bouncer — an automated app scanning service that analyzes apps by running them on Google's cloud infrastructure and simulating how they will run on an Android device — it shared practically nothing about how it operates, in the hopes of making malicious app developers' scramble for a while to discover how to bypass it. As it turned out, several months later security researchers Jon Oberheide and Charlie Miller discovered — among other things — just what kind of virtual environment Bouncer uses (the QEMU processor emulator) and that all requests coming from Google came from a specific IP block, and made an app that was instructed to behave as a legitimate one every time it detected this specific virtual environment. Now two more researchers have effectively proved that Bouncer can be rather easily fooled into considering a malicious app harmless."
This discussion has been archived. No new comments can be posted.

Researchers Beat Google's Bouncer

Comments Filter:
  • Re:Meh (Score:3, Funny)

    by localman57 ( 1340533 ) on Friday July 27, 2012 @12:23PM (#40791959)

    I thought bunch of nerds gave a drubbing to a bouncer at Google-sponsored party.

    Just out of curiousity, when have a bunch of nerds -- ever -- given a drubbing to a bouncer? (Physical drubbings only please, chicken-shit revenge tactics don't count...)

Getting the job done is no excuse for not following the rules. Corollary: Following the rules will not get the job done.

Working...