As Android has grown from a small hobbyist's OS to the mainstream-conquering behemoth it is today, so has the amount of malware directed towards it. A large chunk of the problem comes from malicious apps that make it into the Android Market - oftentimes, duplicates of popular apps with a few lines of code thrown in that allow the app to transmit personal information or hijack the device.
Makers of anti-virus apps claim that there's more malware in the market than ever, painting the picture of a wild west-esque place that's ever-more attractive to the scum of the app universe. Not so, says Google: they have created a virtual bouncer (deceptively named "Bouncer") to automatically scan the Market "for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process." In slightly longer-form:
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.
The service isn't actually new (it's been around for "a number of months"), and the company says it has already resulted in a 40% decrease in the number of potentially-malicious downloads from the Market.
In addition, they mention that Android was built from the start with security in mind. Things like sandboxing (keeping different parts of the OS separate so that malicious apps can't access certain things) and the permission confirmation system play a part, as do Google's malware removal tools.
For more details on Bouncer and Android security in general, hit up Computer World's Q&A with Hiroshi Lockheimer, Android's VP of Engineering.
[Source: Google Mobile. Read more: Computer World]