Slashdot Mirror


Google App Verification Service Detects Only 15% of Infected Apps

ShipLives writes "Researchers have tested Google's app verification service (included in Android 4.2 last month), and found that it performed very poorly at identifying malware in apps. Specifically, the app verification service identified only ~15% of known malware in testing — whereas existing third-party security apps identified between 51% and 100% of known malware in testing."

99 comments

  1. It's a placebo by Shaman · · Score: 3, Funny

    Much like Windows Defender. Or in the case of Window 8, Window Defender.

    --
    ...Steve
    1. Re:It's a placebo by Anonymous Coward · · Score: 1, Insightful

      First post bashes Windows 8 in completely unrelated story, modded +5 Funny already... yup, this is Slashdot. Looks like no one wants to talk about the malware problem on android, so let's bash Windows 8 instead!

    2. Re:It's a placebo by Anonymous Coward · · Score: 0, Troll

      You mad bro?

    3. Re:It's a placebo by poetmatt · · Score: 0

      windows is fading out of relevance, but never let a lazy microsoft troll poo poo on the bashing of an irrelevant OS!

      I wonder what trolls are going to move to in the next year or two?

      http://communities-dominate.blogs.com/brands/2012/12/android-won-windows-lost-now-what-the-battle-of-the-century-is-decided-microsoft-relegated-to-ever-s.html

    4. Re:It's a placebo by Anonymous Coward · · Score: 5, Insightful

      What malware problem?

      You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the user clicks "okay"?

      That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.

    5. Re:It's a placebo by Anonymous Coward · · Score: 1

      No he's merely pointing out that if any story on slashdot appears to cast android/google or FOSS in a bad light, then you can guarantee that the thread will fill up with trolls trying to stop the conversation even getting started.

      These are hard core linux fanatics doing this. Don't be fooled.

    6. Re:It's a placebo by thetoadwarrior · · Score: 1

      Except he has a point. He's relating android to MSE which also ranks poorly against the alternatives. The problem is people will trust the freebie from google (or MS) because they assume they would do everything to protect their software which is untrue if they're giving it away for free.

    7. Re:It's a placebo by thetoadwarrior · · Score: 1

      Except there are valid reasons to enable the ability to get external software until google builds in access to amazon and other sources. Also it is naive to assume just because it is in google's store that it's safe and thanks to vague security warnings and an all or nothing approach google teaches users to disregard safety.

    8. Re:It's a placebo by poetmatt · · Score: 0

      Android (linux) is so far ahead of Microsoft and Apple in sales that your trolling is comedy.

    9. Re:It's a placebo by swillden · · Score: 2

      > Well, yes. I expect my computer to just work, I am entitled to that which I paid for. If Android can't just work then I have no reason to leave the Apple ecosystem.

      So what will you do when your Apple device doesn't just work?

      http://www.forbes.com/sites/adriankingsleyhughes/2012/07/06/first-ios-malware-hits-app-store/

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re:It's a placebo by CastrTroy · · Score: 2

      It's ok to sideload stuff from Amazon, and other markets, but that doesn't mean it shouldn't raise some red flags when the app asks for permissions it doesn't need. Also, if you're downloading a 99 cent app from a warez site, you are a cheapskate, and are almost asking to get conned. That's less than a cup of coffee, or a chocolate bar at most places.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    11. Re:It's a placebo by Anonymous Coward · · Score: 0

      When the first post bashes Microsoft? FUNNY!

      When the first post praises Microsoft? OMG SLASHDOT IS OVERRUN WITH MICROSOFT SHILLS!!!!!

    12. Re:It's a placebo by Anonymous Coward · · Score: 0

      Apple has a 'walled garden' approach to their app store.

      This is because it's centralized under them and they are zealots when it comes to controlling things internally.

      So they do - and it keeps the total number of infected apps to single digits. I'm aware of 1.

      I'm not saying Google is 'bad' or this makes Apple 'good'.

      But it is safer. The user tends to be stupid, this is a cell phone and everyone has them.

    13. Re:It's a placebo by mapkinase · · Score: 1

      > "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this"

      You might not believe me, but this is not a definition of malware. Malware does "mal" with the "ware" you provided.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    14. Re:It's a placebo by thetoadwarrior · · Score: 1

      Apparently you missed the submission last night with the guy complaining about an app costing something like $3. Not that I'm a skin flint but most people are when it comes to mobile software which is no surprise. If you buy some budget range Android phone (which I suspect are the majority of Android phones sold) then you're not exactly the sort to splash out cash on apps.

    15. Re:It's a placebo by Anonymous Coward · · Score: 0

      Except that no other company has access to their entire application database, and they make it stupidly hard for anyone to have a look at a good number of applications in bulk.

      So consider this:

      Consider the "only malware" that was available in the app store was detected only by ... oh wait, it wasn't. The author came out and said "HEY LOOK AT ME! VIRUS!!!!111". Add in the flashlight tethering app of a few years ago, which was detected by the store review.... OH WAIT, it was only banned after the news spread like wildfire.

      So don't worry, closing your eyes and hiding under the blanket makes the evil scary monsters go away.

      Of note: I have a friend who can't update her iPhone, and nobody can tell her why (even the techs in store). It's past warranty, so she can't just replace it without charge. Separately, her friend constantly complains about battery life - so much so, she has an external battery sled. Neither are jail broken (she thinks it's dangerous).

      I wonder if they got infected with something.

    16. Re:It's a placebo by Anonymous Coward · · Score: 1

      > He's relating android to MSE which also ranks poorly against the alternatives.

      It depends on what you want in your AV. According to the testing firm, MSE scores well in detecting and blocking widespread and recent infections, which in their tests represent over 270,000 samples. MSE scored poorly in detecting zero day exploits, which represented 100 samples. MSE also scored better than average in system impact and false positives. For those that scored higher on detecting malware, you also see higher system impact and false positives. MSE had the lowest system impact of any AV solution by a wide margin. So if you're a careful user and you want protection from malware with minimal system impact, MSE is simply the best choice for you.

    17. Re:It's a placebo by Anonymous Coward · · Score: 0

      Except that there is no built-in granular control on what to grant or not grant when it comes to permissions. Google app permissions are all or nothing, even on things that don't make sense*. If you don't agree to the permissions, go fish. I have no such issue in BB. I can grant or revoke individual permissions after the app is installed. If it doesn't work after that, it comes right off.

      * I found three flashlight BB apps that will not work without Internet access. The camera/camcorder I understand, because the flashlight is associated with that side of the hardware, but Internet?! Really?

    18. Re:It's a placebo by Citizen+of+Earth · · Score: 1

      > When looking at global marketshare for all devices (tablet, mobile, and desktop)

      You forgot to count "servers".

    19. Re:It's a placebo by Anonymous Coward · · Score: 0

      You are a cheapskate.. or you're stuck in China where any Google service works intermittently at best.. or you signed a 2-year contract with a Nazi mobile provider who filters all the useful apps from your Play store.. or you're in one of many countries where Google Play doesn't offer any local payment methods.. or.. well, there are many legitimate reasons really. The one cheapskate I ran into today is you, because you didn't take a moment to try and see the world from other people's perspectives.

    20. Re:It's a placebo by Anonymous Coward · · Score: 1

      > What malware problem?

      The malware problem malware solution vendors are selling solutions to.

      The "Researchers" responsible for this claim are/is Xuxian Jiang, head of NQ Mobile Security, "Powerful protection for your phone." http://en.nq.com/.

      Traditional malware protection vendors are like buggy-whip polish sellers (made from pure snake oil!). As Windows goes through its death throes, they're dropping off the carcass and looking for a healthy host to hook their parasitic little jaws into..

      Hence the spate of Android malware accusation. Real Android malware is vanishingly rare, but you'll struggle to find genuine statistics amongst all the money-driven fear mongering.

    21. Re:It's a placebo by maccodemonkey · · Score: 1

      > What malware problem?
      >
      > You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the user clicks "okay"?
      >
      > That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.

      I'm confused. Are you a Windows or Android apologist?

    22. Re:It's a placebo by Anonymous Coward · · Score: 0

      No, it is a placebo. It makes people feel better about it when it does nothing at all. The one Window joke was also funny. So +5 it is.

    23. Re:It's a placebo by Anonymous Coward · · Score: 0

      What do you do in the (incredibly rare) instance your Apple device doesn't work? support.apple.com for starters. Or call AppleCare ($20 max for out-of-warranty tech support). And most importantly to Apple's current success--take it to an Apple store, if you have one near you. This convenience is often overlooked when it comes to tech newbs and neophytes purchasing decisions. Don't know how to use your shiny iPhone? Take it to an Apple store and they'll spend as much time with you as you want, for free...and they won't even try to cycle you out (like turning tables at a restaurant) because they are not commissioned.

    24. Re:It's a placebo by Xacid · · Score: 1

      Meh. I figure you're joking but the decade-old meme is getting, well, old.

      As far as the free antivirus solutions go for PC, it's one of the top three fairly consistently on the reviews I've come across. And with Windows 8 - it's automatically installed and running in the background so the n00b end-user we all love to complain about should be less of a vector than usual. This is typically regarded as a good thing for most sane folks.

      So yeah, a little more than just a placebo.

    25. Re:It's a placebo by mutified · · Score: 1

      So, you believe that since someone is stupid they deserve to have their possessions stolen? This is important because I know you're not the smartest guy and therefore you deserve the same thing. Good Luck with that attitude.

  2. the methods are probably patented by alen · · Score: 0

    chances are that Lookout and others have already patented their methods and google should just use their work for free and then call them patent trolls and how their inventions are totally obvious

    1. Re:the methods are probably patented by neokushan · · Score: 0

      You've got a (fairly-low) 6-digit user ID, yet you're trolling like a common AC. You seem to have some sort of vendetta against Google. Maybe you should just...drop whatever silly little issue it is that you have with them and just get on with life?

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    2. Re:the methods are probably patented by Anonymous Coward · · Score: 0

      Yea, why should anyone scrutinize an ad network with a HUGE reach into geeks daily lives, they're our friends!

    3. Re:the methods are probably patented by Anonymous Coward · · Score: 0

      I don't know if some nonsense troll speculating about something that won't happen in the near future qualifies as "scrutiny" of Google's even more unrelated ad network.

      But you both get an A for effort.

    4. Re:the methods are probably patented by poetmatt · · Score: 1

      umm, you realize that a ton of troll accounts were created in the 175k-230k UID range, right?

      He basically forgot to click the Anon box.

    5. Re:the methods are probably patented by neokushan · · Score: 1

      Actually no, I did not realise that. My own user ID is a good reflection upon when I joined Slashdot. Was there some sort of botting incident or something that happened before then?

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    6. Re:the methods are probably patented by Anonymous Coward · · Score: 0

      I may be reading too much into it, but the post from alen seems to be more pointed at the current state of patents and Apple vs. Google. Then again maybe that's just the angle I prefer to view.

    7. Re:the methods are probably patented by Anonymous Coward · · Score: 0

      > Actually no, I did not realise that. My own user ID is a good reflection upon when I joined Slashdot. Was there some sort of botting incident or something that happened before then?

      No, that's before the tacosnotting rings were broken up. Those were dark days.

    8. Re:the methods are probably patented by mrbester · · Score: 1

      Damn. That explains a lot.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    9. Re:the methods are probably patented by poetmatt · · Score: 1

      hahaha :) a ton != all.

  3. No problem here by vlm · · Score: 1

    Whew luckily no problem here, my motorola defy has so much crapware in the rom, almost as bad as a windows PC, that is so out of date that it's all got updates (now wasting twice the memory) that I don't have to worry about "apps" because I have no space to download apps after installing a very basic set of apps (dropbox, kindle reader, tunein radio, evernote, runkeeper, that kind of can't live without it stuff)

    Probably google would make a heck of a lot more money forcing mfgrs to make it possible for users to download apps, than they would by trying to make clean apps that I can't afford to download anyway.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    1. Re:No problem here by schitso · · Score: 2, Insightful
    2. Re:No problem here by h4rr4r · · Score: 1

      Perhaps you should look in a mirror for who to blame on that purchase? Next time do a little research.

    3. Re:No problem here by Anonymous Coward · · Score: 0

      How exactly is a rooted ROM a solution to malware problem? It is not like it doesn't run the same apps as any other ROM ...

    4. Re:No problem here by Anonymous Coward · · Score: 1

      Awesome. Everyone has to vet their own app purchases. Perhaps read the source code too.

      Just like you verify & test the wiring harness in every car you buy, right?

      No, it's not a huge fucking redundant waste of time or anything, right?

    5. Re:No problem here by h4rr4r · · Score: 2

      Because his complaint is really the crap that was in the ROM his provider installed. Not malware.

      There are two solutions for this, the first being do some research before buying a smartphone the other being install a ROM that does not include this sort of bloatware.

    6. Re:No problem here by h4rr4r · · Score: 1

      Way to not read the GP at all.

      He is discussing bloatware that came with his phone, not malware he bought later. Had he bought a device with 4.0+ he could disable it, but that would not get him the space back either. If you are about to tell me about some uninstall updates button and no disable, press that button and you shall receive the disable button.

      Typical Stupid AC, if you had some brains maybe you could figure out how to get an account.

    7. Re:No problem here by schitso · · Score: 1

      Exactly. Thank you.

  4. False positive rate? by gman003 · · Score: 4, Interesting

    I wonder, what's the false positive rate on these "third-party" systems? It's easy to make a system that detects 100% of malware as malware - just deny everything.

    1. Re:False positive rate? by Cenan · · Score: 1

      Exactly. And it's not even a rookie mistake, the guy is an associate professor, yet there is a whole angle of his research missing. Might be just a rush to get it done before anyone else?

      --
      ... whatever ...
  5. We've known virus scanners don't work since. by i+kan+reed · · Score: 2, Insightful

    What? 2000, maybe? More specifically, they're part of the test cases of virus writers, who develop until they are circumvented. Why would anyone imagine they do anything useful?

  6. 15% detection rate? by Revotron · · Score: 4, Funny

    McAfee would kill for that.

    1. Re:15% detection rate? by h4rr4r · · Score: 3, Funny

      So be careful not to live next to him, he has already shown he will do it.

    2. Re:15% detection rate? by Anonymous Coward · · Score: 0

      No, that was for the 15% purity rate, not the detection rate.

    3. Re:15% detection rate? by Anonymous Coward · · Score: 0

      > So be careful not to live next to him, he has already shown he will do it.

      You ruined the joke, but what killed it deader than Reiser's wife is that three mods thought explaining the joke was funny.

    4. Re:15% detection rate? by helix2301 · · Score: 1

      I had an iPhone and I hated all the app restrictions. I am willing to deal with a little malware to have a more open source phone. Plus 15% is not bad we have so many Virus ridden machines come in the store and they have Avast, Norton or McAfee I really think virus and malware detection is BS anymore.

  7. I don't want/need this on my phone. by DavidClarkeHR · · Score: 5, Insightful

    Well, it's a good thing there are 3rd party options.

    I don't want/need additional bloat on my phone - I don't install random apps, and I'm quite comfortable wiping the phone to update it. Sure, I'll use a scanner if/when I start installing random things, but it's basic online hygiene. I don't install random programs on my computer, but I do use a 3rd party antivirus because of all the browsing I do. That isn't something I do on my phone, and when it is, I will take the appropriate precautions.

    --
    - Nec Impar Pluribus, or so I'm told.
    1. Re:I don't want/need this on my phone. by BasilBrush · · Score: 0

      I don't want or need it either. I have an iPhone.

  8. Bias? by Anonymous Coward · · Score: 5, Interesting

    The "researchers" tested the service a few days after its release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

    Will they follow up in 6 months? Doubtful, since the results would put Google near the lead, and this article looks like anti-Google.

    What happened to researchers these days? Where's the objectivity?

    1. Re:Bias? by 93+Escort+Wagon · · Score: 0

      > The "researchers" tested the service a few days after its release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

      In other words... its functionality was reviewed in a similar manner to iOS Maps?

      --
      #DeleteChrome
    2. Re:Bias? by gagol · · Score: 0

      It is a shame this post was from AC, it will fall under threshold unless we give it a deserved bump. Thank you!

      --
      Tomorrow is another day...
    3. Re:Bias? by Cenan · · Score: 2

      Your premise is wrong. Why should any kind of antivirus algorithm/software be excused for being "new"? You're either capable of detecting malware or you don't release. You aren't supposed to "learn on the job" with malware detection.

      --
      ... whatever ...
    4. Re:Bias? by tooyoung · · Score: 1

      > The "researchers" tested the service a few days after its release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

      Would you apply this logic to all products and services, including those made by Apple, Sony, and Microsoft? How long should a service be available before a review or study is acceptable?

    5. Re:Bias? by Anonymous Coward · · Score: 0

      Don't know about him, but others do.

      iOS6 maps threads had their fair share of "they're still young and you're comparing them to years of experience of Google, Nokia and MS" and "Why WP7 is a flop" reviews had "You're too hasty to bury it, remember when Android and iOS were new entrants?"

    6. Re:Bias? by rh2600 · · Score: 1

      Why not? For all we know their detection may be bayesian based and still has "learning" to do in the field. Maybe this learning can take place in a matter of days with a sampling size as large as Android's. I think a trade-off of some start-up time in return for a system that can cope better with new attempts to circumvent its detection the better. FWIW this article is a beat-up - Google have multiple layers to their malware detection, and they've only tested one layer.

  9. Or maybe... by GeLeTo · · Score: 4, Insightful

    The malware developers test and try to circumvent the Google scanner and don't bother with third-party security apps. If Google buys an app with 100% detection rate and uses it in their scanner, guess what the detection rate will be a few months later.

    1. Re:Or maybe... by Anonymous Coward · · Score: 0

      I'll play! eh, 100%.

    2. Re:Or maybe... by tandr · · Score: 1

      115% ? ... because of false positives

    3. Re:Or maybe... by legrimpeur · · Score: 1

      so the "walled garden" has at least one advantage?

    4. Re:Or maybe... by Anonymous Coward · · Score: 0

      Nope, still 0.

      There's a big scary warning when you enable off-market installs, specifically stating that ZOMG BADTHINGS, DELETED INFOS, BRICKED DEVICES. If the user is too stupid to read, then that's their problem.

      Plus, this specific implementation of walled garden only hides that there may be malware. Charlie Miller had to come out and yell to the world, otherwise his app and his developer certificate would still be on the market today.

  10. But, it's 100% at reporting your apps to Google by GodfatherofSoul · · Score: 1

    n/t

    --
    I swear to God...I swear to God! That is NOT how you treat your human!
    1. Re:But, it's 100% at reporting your apps to Google by Anonymous Coward · · Score: 0

      ...just like the Play Store?

  11. This is not a bad thing. by Anonymous Coward · · Score: 0

    Can't expect something that operates in this manner to have a high detection rate - it's another layer that provides a benefit. It's a win in my book. The failing of this system, IMO, is that it requires user intervention. As we all know, and has been shown with the advent of technology for the masses, people will just click "ok" to get past warning messages - without reading them. It's a start, though!

  12. That's OK by Anonymous Coward · · Score: 0

    Because we all 'know' that business is about making money, the 'effort' on Google's part would seem counterproductive anyway, right?

  13. Infected? by rumith · · Score: 1

    I wonder if this is the correct term: "infected" means that the author had written a benign application, while an attacker somehow got control over his distribution channel and modified the app to his needs. Meanwhile, I believe that in a significant number of cases cheap apps are written and distributed by malicious authors. So yep, they're dangerous, and no, they're neither infected nor otherwise modified.

  14. Explain. by LoudMusic · · Score: 1

    So who detected the remaining 85% in order to give us this statistic of 15% detection rate? And why isn't that being used instead?

    --
    No sig for you. YOU GET NO SIG!
    1. Re:Explain. by Cenan · · Score: 4, Informative

      All the samples fed to the various detectors were infected, that's the problem with this "research", they lack a control group.

      --
      ... whatever ...
    2. Re:Explain. by Anonymous Coward · · Score: 0

      Uhhh... Let me work that out for you. Let's say we have 100 samples. 15 were detected. That is a 15% detection rate.

  15. Actual detection? by bickerdyke · · Score: 2

    Does any of the mentioned "existing third party products" really DETECT malware? Or do they only check apks against lists of manually compiled checksums?

    --
    bickerdyke
  16. Why "only"? by allo · · Score: 1

    It detects 15% of malicious apps, which would otherwise go undetected. That's better than not having this service.

    1. Re:Why "only"? by godel_56 · · Score: 1

      > It detects 15% of malicious apps, which would otherwise go undetected. That's better than not having this service.

      But looking at the alternatives (from TFA) even lowly ClamAV detected 51%, and two of the commercial programs detected 100% of the malware samples (looks like Avast and Symantec).

      If you're beaten by ClamAV, well man, that is embarrassing. Oh, and Clam is free as well.

    2. Re:Why "only"? by allo · · Score: 1

      clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.
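
The thread raises two measurement points: a detection rate says little without a false-positive rate on benign controls, and a check against known-bad hashes misses any file that differs by a byte. The sketch below is an added example, not part of any commenter's post and not a description of how Google's service, ClamAV or any vendor product works; the sample "apps" are constructed byte strings and the three detectors are toy assumptions.

```python
import hashlib

# Constructed byte strings standing in for app packages; these are not real APKs.
MARKER = b"sendTextMessage"  # constructed stand-in for a suspicious code pattern


def make_corpus():
    """Return (known malicious, unseen variants, benign controls)."""
    known = [b"app-%d|" % i + MARKER + b"|v1" for i in range(3)]
    # Same behaviour as the known samples, but the last byte of the file differs.
    variants = [k[:-1] + b"2" for k in known]
    benign = [
        b"flashlight|torch-on",
        b"notes|save-file",
        b"radio|stream-audio",
        # A legitimate app whose code happens to contain the same pattern.
        b"sms-client|" + MARKER + b"|user-confirmed",
    ]
    return known, variants, benign


def hash_blocklist(known):
    """Build a detector that flags only files whose SHA-256 is already listed."""
    listed = {hashlib.sha256(k).hexdigest() for k in known}
    return lambda blob: hashlib.sha256(blob).hexdigest() in listed


def content_scanner(blob):
    """Detector that inspects the file contents for the pattern."""
    return MARKER in blob


def deny_everything(blob):
    """Detector that flags every file, as in the 'just deny everything' remark."""
    return True


def rates(detector, malicious, benign):
    """Return (detection rate on malicious, false-positive rate on benign)."""
    detected = sum(1 for m in malicious if detector(m))
    false_alarms = sum(1 for b in benign if detector(b))
    return detected / len(malicious), false_alarms / len(benign)


def evaluate():
    """Score all three toy detectors on the same malicious and benign sets."""
    known, variants, benign = make_corpus()
    malicious = known + variants
    detectors = {
        "hash_blocklist": hash_blocklist(known),
        "content_scanner": content_scanner,
        "deny_everything": deny_everything,
    }
    return {name: rates(d, malicious, benign) for name, d in detectors.items()}


if __name__ == "__main__":
    for name, (detection, false_positive) in evaluate().items():
        print(f"{name:16s} detection={detection:.0%} false_positive={false_positive:.0%}")
```

Without the benign set, the content scanner and the deny-everything detector would both report 100% and look identical.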

    3. Re:Why "only"? by godel_56 · · Score: 1

      > clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.

      Users aren't concerned with how it works, only if it works, and to some extent how much it costs. The Google service may actually be harmful by giving a false sense of security to noob users.

    4. Re:Why "only"? by hobarrera · · Score: 1

      Not really, because it gives users a false sense of security - they believe the apps have been scanned, but they've been scanned rather poorly.

    5. Re:Why "only"? by allo · · Score: 1

      still better than not scanned.

    6. Re:Why "only"? by hobarrera · · Score: 1

      Not really.
      If you tell users that apps have been scanned, they install them with a [false] sense of security, believing that the scanning process is protecting them.
      If you tell them stuff isn't scanned, they'll probably tend to be slightly more careful (lots will still screw up though).

    7. Re:Why "only"? by allo · · Score: 1

      Google does not tell it's scanning. It just does it, and alerts the user if it's malware-positive. If it's negative, the user gets no message at all.

  17. Incorrect use of word "Malware" by SuperKendall · · Score: 1

    > So what will you do when your Apple device doesn't just work?

    And then you link to a story about ONE app that uploaded an address book somewhere. That was it.

    How is that Malware? At best it's spyware. And it wouldn't even be able to do that under iOS6 without asking for permission to access contacts.

    Meanwhile probably 25 of Android software is scraping your contacts but who cares about that? It's just expected on Android that most apps will violate you somehow I guess.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Incorrect use of word "Malware" by Anonymous Coward · · Score: 0

      That's okay, you keep redefining words and making stuff up.

      Meanwhilst, we'll keep laughing at you.

  18. What one found by Anonymous Coward · · Score: 0

    100 percent.

  19. Iphone? HA. by Anonymous Coward · · Score: 0

    > I don't want or need it either. I have an iPhone.

    ... and virtually no flexibility. Browser choice? HA. Oh wait, you can jailbreak? Congrats, there goes your warranty. Honestly, apple users are starting to protest just a little too hard to be credible.