This piece from Wired gives details of mobile app security testing at Google and, in particular, the application of machine learning.
Google automates its mobile app security testing with a system called Bouncer to analyze mobile apps for malicious applications and the permissions it requests. The kind of mobile app security testing here seems to be some static analysis and also dynamic analysis to examine runtime behaviour.
This technology has been at use at Google for a while, however, machine learning is now being used to gather data about each app to understand the behaviour that defines each app to track down malware.
It’s also clear that Google is trying to find ways to compete with the range of Android devices from OEMs with it’s own onsite device testing labs. It’s interesting to see the numerous techniques Google use to solve the problem of mobile app security testing, however, there’s no indication of checking client side vulnerabilities or code quality.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing in under a minute try out Codified Security Instant.