Malicious mobile applications are a growing area of concern: as the use of mobile devices rises, so does their attractiveness to attackers. According to the Kaspersky Security Bulletin 2012, 99% of newly discovered malicious programs were targeted at the Android platform [7]. Google has a review process for applications that are uploaded to the Google Play store, but it takes a very open approach. Google requires developers to pay a one-time $25 fee to submit applications for review. Google does not have a very stringent background check for developers in comparison to Apple's [8].
Google has an automated review process called Bouncer that reviews submitted applications for malicious software or suspicious behavior. Before the Bouncer system, very little was done to review submitted applications; Google relied on users flagging applications they viewed as malicious.
Android allows the user to load applications onto the device in ways other than through the official application store, without having to modify the device. While this makes it convenient for the user to install homebrewed applications, it also opens up a security vulnerability on the device. For example, a user browsing the web could receive a drive-by download that downloads an application to the phone and then prompts the user to install it. The user may not pay attention and simply accept the installation prompt. There are also many sites online from which users can download applications for their device. Most of these sites do not have a review process and may be hosting repackaged applications, meaning the original application may have been taken, had malware added to it, and been passed off as the official version.
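
One way a defender can triage a suspected repackaged application is to compare it entry by entry with a copy from the official store. The sketch below is an added example, not part of the original text; the function names, package name and archive contents are constructed for illustration.

```python
import hashlib
import io
import zipfile

V1_SIG_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")  # JAR-style (v1) signature files

def entry_digests(apk_bytes):
    """Map each ZIP entry in an APK to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def compare_apks(reference, candidate):
    """Report entries added, removed or modified relative to the reference APK."""
    ref, cand = entry_digests(reference), entry_digests(candidate)
    report = {
        "added": sorted(cand.keys() - ref.keys()),
        "removed": sorted(ref.keys() - cand.keys()),
        "modified": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }
    touched = report["added"] + report["removed"] + report["modified"]
    # A changed v1 signature file means the archive was re-signed by someone else.
    # v2+ signatures live outside the ZIP entries and are not visible to this check.
    report["resigned"] = any(n.startswith("META-INF/") and n.endswith(V1_SIG_SUFFIXES)
                             for n in touched)
    report["identical"] = not touched
    return report

def build_apk(entries):
    """Build an in-memory ZIP standing in for an APK (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: the second archive adds a code file, requests an extra
# permission in its manifest and carries a different signature block.
OFFICIAL = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.notes'/>",
    "classes.dex": b"original-code",
    "META-INF/CERT.RSA": b"publisher-signature",
})
REPACKAGED = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.notes'><uses-permission name='SEND_SMS'/></manifest>",
    "classes.dex": b"original-code",
    "classes2.dex": b"added-code",
    "META-INF/CERT.RSA": b"other-signature",
})

if __name__ == "__main__":
    print(compare_apks(OFFICIAL, REPACKAGED))
```

For a real APK, `apksigner verify --print-certs` from the Android SDK build tools shows the signer certificate, which also covers signature schemes stored outside the ZIP entries.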