Researchers Charlie Miller and Jon Oberheide have made available a teaser of their presentation at this week’s SummerCon conference in New York. They plan on demonstrating how they have been able to bypass the Android Bouncer and slip malicious apps into Google’s official app market.
Android Bouncer is a system recently introduced by Google that automatically scans Google Play for malicious software. Its advantages are that the detection process doesn’t disrupt the user experience and that app developers can post their programs without too much hassle.
However, as the experts state, the system can be tricked, allowing wrongdoers to upload their malicious apps.
“We’re going to submit an application to the Android Market and get a connect-back shell on the Bouncer instance when it attempts its runtime dynamic analysis of our mobile application. This allows us to explore the Bouncer environment with an interactive remote shell,” Oberheide said.
After they upload their “malicious” APK to Google Play, they await the connect-back. Once the callback is received, they are able to run a remote interactive shell on an emulated Android device.
Apparently, this allows them to obtain the Bouncer environment’s kernel version, filesystem contents, and other data.
The method presented by Oberheide in the video is only one of the techniques that can be used to fingerprint the Bouncer environment.
The demonstration shows that cybercriminals can easily upload malicious apps and make them appear harmless, while in reality they’re capable of causing serious damage to the user’s phone.
However, the experts are closely collaborating with Google's security team and they’re confident that this relatively new scanning system will be considerably improved.