Google Builds App Scanner into Android 4.2
With every new version of Android that comes out, Google has beefed up the mobile platform's security a bit. The latest release is no exception.
Android 4.2 Jelly Bean will include a built-in app scanner, according to Android vice president of engineering Hiroshi Lockheimer, who last weekspoke with Computerworld's JR Raphael.
The app scanner, which washinted at last month, is a thin client of the Google Play store's Bouncer software, which scans every app uploaded to the official Android app store.
If you choose to "sideload" an app from elsewhere directly to your device, Android 4.2 will prompt you to "verify" it.
Agreeing to the verification prompt sends data about the new app to the Google mothership, where the data is analyzed and compared with known software.
"We have a catalog of 700,000 applications in the Play Store, and beyond that, we're always scanning stuff on the Web," Lockheimer told Computerworld. "We have a pretty good understanding of the app ecosystem now, whether something's in the Play Store or not."
If Google's app scanner flags the app as dangerous, installation will be blocked. If the app is questionable, the user will be warned, but allowed to proceed.
Power users who want to live on the edge can always turn the entire feature off, but it should be an enormous help to Russian-language and Chinese-language Android users, who are plagued by infected apps found in "off-road" app markets.
Russian-speaking users will also appreciate Android 4.2's other big security feature, an alert that pops up when a smartphone is about to send or receive a premium-SMS-service text message.
Premium-SMS services are rare in the heavily regulated North American mobile market. Perhaps the best known is the Red Cross one, which charges you $10 if you text "REDCROSS" to 90999.
In Europe and Russia, such services are more common, and include "reverse billing" versions where the user is billed for a special text received.
Criminals in the former Soviet Union make easy money by setting up fly-by-night premium-SMS services, then flooding off-road app stores with corrupted clones of legitimate apps such as "Angry Birds."
The pirated apps contain malware that silently sends and receives premium text messages, which are immediately billed to the unsuspecting user.
Now, if a number is recognized as belonging to a premium-SMS service, Android 4.2 can block the SMS transmission before it goes through.
The two features will go a long way in strengthening Android security, which still falls behind that of Apple's iOS and BlackBerry's mobile platforms.
Android 4.2, which confusingly shared the Jelly Bean code name with its predecessor, Android 4.1, makes its debut with the releases of the Nexus 4 phone and Nexus 10 tablet next week.
Despite the robust security, users of those devices will still want to go to the Google Play store and avail themselves of the many free and paid third-party security apps, which have many more features than Jelly Bean's stock options.