Security researchers Jon Oberheide and Charlie Miller have identified a security flaw in Google’s automated malware detection system, Android Bouncer.
Android Bouncer is an automated application scanning service that analyzes apps by running them on Google’s cloud infrastructure and simulating how they will run on an Android device.
The researchers are preparing a presentation for this week’s SummerCon conference, demonstrating how Bouncer can be bypassed to slip malicious apps into the Android Market.
"We’re going to submit an application to the Android Market and get a connect-back shell on the Bouncer instance when it attempts its runtime dynamic analysis of our mobile application. This allows us to explore the Bouncer environment with an interactive remote shell," the researchers said.
After they upload their “malicious” APK to Google Play, they await the connect-back. Once the callback is received, they are able to run a remote interactive shell on an emulated Android device.
Apparently, this allows them to obtain the Bouncer environment’s kernel version, filesystem contents, and other data.
"So this is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user’s device."