Google's automated "Bouncer" for apps, which should prevent harmful mobile software from appearing in the company's app store, appears to have serious blind spots. The system repeatedly scanned but let pass an app that stealthily steals personal data such as photos and contacts, reported two researchers from computer security company Trustwave at the Black Hat security conference in Las Vegas yesterday.
Nicolas Percoco and Sean Schulte are members of Trustwave's "ethical hacking" research group, known as SpiderLabs, and they created the app to probe Google's ability to vet the software uploaded to its app store. The pair said the results shows that Google needs to improve both its app-scanning system and its Android operating system.
As more people trade desktop and laptop computers for smartphones and tablets, mobile security is becoming increasingly important. Many users also behave as if everything they download from an app store is safe.