Recently, there's been a lot of news of malware in the Android Market, to that end, Google Mobile developed a new service codenamed "Bouncer," which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process. The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts.
How it works? "once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google's cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back," explains Google's VP of Engineering, Android, Hiroshi Lockheimer, in a February 2, blog post.
Writing further Hiroshi notes, "The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market. This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise."
Hiroshi revealed some of Android's core security features includes:
- Android platform uses a technique called "Sandboxing" to put virtual walls between applications and other software on the device. So, "if you download a malicious application, it can't access data on other parts of your phone and its potential harm is drastically limited," informs Hiroshi.
- Android permission system help you understand the capabilities of the apps you install, and manage your own preferences. That way, if you see a game unnecessarily requests permission to send SMS, for example, you don't need to install it.
- Malware removal: Android is designed to prevent malware from modifying the platform or hiding from you, so it can be easily removed if your device is affected. Android Market also has the capability of remotely removing malware from your phone or tablet, if required.
Hiroshi also shared that the last year has been a phenomenal one for the Android ecosystem. "Device activations grew 250% year-on-year, and the total number of app downloads from Android Market topped 11 billion."
In other Android new, Android Developers team today introduced new Social API in Andorid 4.0 Ice Cream Sandwitch. "Android is an open platform, and in Ice Cream Sandwich we provide a rich new API to allow any social networking application to integrate with the system," informed Daniel Lehmann, Tech Lead on Android Apps team.
"With Android ICS, we set out to build software that supports emotional connections between humans and the devices they carry. We wanted to build the most personal device that the user has ever owned," said Lehmann.
Adding, he said, "the first ingredient in our recipe is to show users the people that they care about most in a magazine-like way. High-resolution photos replace simple lists of text. And, the second ingredient is to more prominently visualize their friends' activities. We show updates from multiple sources wherever a contact is displayed, without the need to open each social networking app individually."
Here are some essential terms:
- RawContact is a contact as it exists in one source, for example a friend in Skype.
- Data rows exists for each piece of information that the raw contact contains (name, phone number, email address, etc.).
- A Contact joins multiple raw contacts into one aggregate. This is what the user perceives as a real contact in the People and Phone apps.
- A sync adapter synchronizes its raw contacts with its cloud source. It can be bundled with a Market application (examples: Skype, Twitter, Google+).
For more detailed explaination how apps like Google+ use these APIs, and how other social networks can do the same, visit here.