Here’s good news for CISOs worried about employees with Android devices bringing malware into the enterprise: Google has stepped up its efforts to eradicate dangerous applications in its app store.
In 2012 Google installed an automated software scanner called Bouncer for combing through proposed and existing apps for problems. However, while it significantly decreased the number of bad apps it didn’t eliminate them all.
Which is why on Tuesday Eunice Kim, product manager for Google Play, said in blog post that a few months ago the company created a team to manually hunt for malware violating Google developer policies before they are approved for the store. “We value the rapid innovation and iteration that is unique to Google Play, and will continue to help developers get their products to market within a matter of hours after submission, rather than days or weeks,” she wrote. “In fact, there has been no noticeable change for developers during the rollout.
To assist in this effort and provide more transparency to developers, we’ve also rolled out improvements to the way we handle publishing status. Developers now have more insight into why apps are rejected or suspended, and they can easily fix and resubmit their apps for minor policy violations.”
It’s the latest in a number of steps Google has taken to improve security on its mobile platform, including Android for Work.
A number of industry and vendor reports have warned CISOs of the dangers of Android apps, although many of the problems are with numous apps available outside of Google Play. That’s because Google’s open ecosystem doesn’t force developers to post apps in the store.