Linked by Thom Holwerda on Thu 2nd Feb 2012 23:11 UTC, submitted by fran
"Google has added an automated scanning process that is designed to keep malicious apps out of the Android Market, the company announced today. The new service, code-named 'Bouncer', scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. Every app is then run on Google's cloud infrastructure to simulate how the software would operate on an Android device, he said. Existing apps are continuously analyzed, too."
It's the only realistic option
by skandalfo on Fri 3rd Feb 2012 06:25 UTC in reply to "Comment by ilovebeer"

Being responsible for Code Quality Assurance at work, I can tell you that anything requiring human assessment for this is:

a) Unrealistic (without the application source code).

b) Non-scalable.

c) Subject to subjective criteria and manipulation, and thus criticism (see the problems with the Apple App Store).

I think their approach (automatic scanning for raising red flags with human inspection for confirmation) is the only one that's possible, unless you are prepared to give up on openness.

Disclaimer: Part of my work is implementing automatic criteria for code quality. Computer-calculated metrics aren't perfect, but help things improve over time (instead of degrading), and are the only thing that can be realistically deployed without impacting too much on developer turnaround due to an excess of bureaucracy...

Score: 7