Slashdot Mirror


Google App Verification Service Detects Only 15% of Infected Apps

ShipLives writes "Researchers have tested Google's app verification service (included in Android 4.2 last month), and found that it performed very poorly at identifying malware in apps. Specifically, the app verification service identified only ~15% of known malware in testing — whereas existing third-party security apps identified between 51% and 100% of known malware in testing."


  1. It's a placebo by Shaman · · Score: 3, Funny

    Much like Windows Defender. Or in the case of Window 8, Window Defender.

    --
    ...Steve
    1. Re:It's a placebo by Anonymous Coward · · Score: 1, Insightful

      First post bashes Windows 8 in completely unrelated story, modded +5 Funny already... yup, this is Slashdot. Looks like no one wants to talk about the malware problem on android, so let's bash Windows 8 instead!

    2. Re:It's a placebo by Anonymous Coward · · Score: 5, Insightful

      What malware problem?

      You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the user clicks "okay"?

      That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.

    3. Re:It's a placebo by Anonymous Coward · · Score: 1

      No he's merely pointing out that if any story on slashdot appears to cast android/google or FOSS in a bad light, then you can guarantee that the thread will fill up with trolls trying to stop the conversation even getting started.

      These are hard core linux fanatics doing this. Don't be fooled

    4. Re:It's a placebo by thetoadwarrior · · Score: 1

      Except he has a point. He's relating android to MSE which also ranks poorly against the alternatives. The problem is people will trust the freebie from google (or MS) because they assume they would do everything to protect their software which is untrue if they're giving it away for free.

    5. Re:It's a placebo by thetoadwarrior · · Score: 1

      Except there are valid reasons to enable the ability to get external software until google builds in access to amazon and other sources. Also it is naive to assume just because it is in google's store that it's safe and thanks to vague security warnings and an all or nothing approach google teaches users to disregard safety.

    6. Re:It's a placebo by swillden · · Score: 2

      Well, yes. I expect my computer to just work, I am entitled to that which I paid for. If Android can't just work then I have no reason to leave the Apple ecosystem.

      So what will you do when your Apple device doesn't just work?

      http://www.forbes.com/sites/adriankingsleyhughes/2012/07/06/first-ios-malware-hits-app-store/

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re:It's a placebo by CastrTroy · · Score: 2

      It's ok to sideload stuff from Amazon, and other markets, but that doesn't mean it shouldn't raise some red flags when the app asks for permissions it doesn't need. Also, if you're downloading a 99 cent app from a warez site, you are a cheapskate, and are almost asking to get conned. That's less than a cup of coffee, or a chocolate bar at most places.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    8. Re:It's a placebo by mapkinase · · Score: 1

      > "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this"

      You might not believe me, but this is not a definition of malware. Malware does "mal" with the "ware" you provided.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    9. Re:It's a placebo by thetoadwarrior · · Score: 1

      Apparently you missed the submission last night with the guy complaining about an app costing something like $3. Not that I'm a skin flint but most people are when it comes to mobile software which is no surprise. If you buy some budget range Android phone (which I suspect are the majority of Android phones sold) then you're not exactly the sort to splash out cash on apps.

    10. Re:It's a placebo by Anonymous Coward · · Score: 1

      He's relating android to MSE which also ranks poorly against the alternatives.

      It depends on what you want in your AV. According to the testing firm, MSE scores well in detecting and blocking widespread and recent infections, which in their tests represent over 270,000 samples. MSE scored poorly in detecting zero day exploits, which represented 100 samples. MSE also scored better than average in system impact and false positives. For those that scored higher on detecting malware, you also see higher system impact and false positives. MSE had the lowest system impact of any AV solution by a wide margin. So if you're a careful user and you want protection from malware with minimal system impact, MSE is simply the best choice for you.

    11. Re:It's a placebo by Citizen+of+Earth · · Score: 1

      When looking at global marketshare for all devices (tablet, mobile, and desktop)

      You forgot to count "servers".

    12. Re:It's a placebo by Anonymous Coward · · Score: 1

      What malware problem?

      The malware problem malware solution vendors are selling solutions to.

      The "Researchers" responsible for this claim are/is Xuxian Jiang, head of NQ Mobile Security, "Powerful protection for your phone." http://en.nq.com/.

      Traditional malware protection vendors are like buggy-whip polish sellers (made from pure snake oil!). As Windows goes through its death throes, they're dropping off the carcass and looking for a healthy host to hook their parasitic little jaws into..

      Hence the spate of Android malware accusation. Real Android malware is vanishingly rare, but you'll struggle to find genuine statistics amongst all the money-driven fear mongering.

    13. Re:It's a placebo by maccodemonkey · · Score: 1

      What malware problem?

      You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the user clicks "okay"?

      That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.

      I'm confused. Are you a Windows or Android apologist?

    14. Re:It's a placebo by Xacid · · Score: 1

      Meh. I figure you're joking but the decade-old meme is getting, well, old.

      As far as the free antivirus solutions go for PC, it's one of the top three fairly consistently on the reviews I've come across. And with Windows 8 - it's automatically installed and running in the background so the n00b end-user we all love to complain about should be less of a vector than usual. This is typically regarded as a good thing for most sane folks.

      So yeah, a little more than just a placebo.

    15. Re:It's a placebo by mutified · · Score: 1

      So, you believe that since someone is stupid they deserve to have their possession stolen? This is important because I know you're not the smartest guy and therefore you deserve the same thing. Good Luck with that attitude.

  2. No problem here by vlm · · Score: 1

    Whew luckily no problem here, my motorola defy has so much crapware in the rom, almost as bad as a windows PC, that is so out of date that it's all got updates (now wasting twice the memory) that I don't have to worry about "apps" because I have no space to download apps after installing a very basic set of apps (dropbox, kindle reader, tunein radio, evernote, runkeeper, that kind of can't live without it stuff)

    Probably google would make a heck of a lot more money forcing mfgrs to make it possible for users to download apps, than they would by trying to make clean apps that I can't afford to download anyway.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    1. Re:No problem here by schitso · · Score: 2, Insightful
    2. Re:No problem here by h4rr4r · · Score: 1

      Perhaps you should look in a mirror for who to blame on that purchase? Next time do a little research.

    3. Re:No problem here by Anonymous Coward · · Score: 1

      Awesome. Everyone has to vet their own app purchases. Perhaps read the source code too.

      Just like you verify & test the wiring harness in every car you buy, right?

      No, it's not a huge fucking redundant waste of time or anything, right?

    4. Re:No problem here by h4rr4r · · Score: 2

      Because his complaint is really the crap that was in the ROM his provider installed. Not malware.

      There are two solutions for this, the first being do some research before buying a smartphone the other being install a ROM that does not include this sort of bloatware.

    5. Re:No problem here by h4rr4r · · Score: 1

      Way to not read the GP at all.

      He is discussing bloatware that came with his phone, not malware he bought later. Had he bought a device with 4.0+ he could disable it, but that would not get him the space back either. If you are about to tell me about some uninstall updates button and no disable, press that button and you shall receive the disable button.

      Typical Stupid AC, if you had some brains maybe you could figure out how to get an account.

    6. Re:No problem here by schitso · · Score: 1

      Exactly. Thank you.

  3. False positive rate? by gman003 · · Score: 4, Interesting

    I wonder, what's the false positive rate on these "third-party" systems? It's easy to make a system that detects 100% of malware as malware - just deny everything.

    1. Re:False positive rate? by Cenan · · Score: 1

      Exactly. And it's not even a rookie mistake, the guy is an associate professor, yet there is a whole angle of his research missing. Might be just a rush to get it done before anyone else?

      --
      ... whatever ...
  4. We've known virus scanners don't work since. by i+kan+reed · · Score: 2, Insightful

    What? 2000, maybe? More specifically, they're part of the test cases of virus writers, who develop until they are circumvented. Why would anyone imagine they do anything useful?

  5. 15% detection rate? by Revotron · · Score: 4, Funny

    McAfee would kill for that.

    1. Re:15% detection rate? by h4rr4r · · Score: 3, Funny

      So be careful not to live next to him, he has already shown he will do it.

    2. Re:15% detection rate? by helix2301 · · Score: 1

      I had an iPhone and I hated all the app restrictions. I am willing to deal with a little malware to have a more open source phone. Plus 15% is not bad; we have so many virus-ridden machines come in the store and they have Avast, Norton or McAfee. I really think virus and malware detection is BS anymore.

  6. I don't want/need this on my phone. by DavidClarkeHR · · Score: 5, Insightful

    Well, it's a good thing there are 3rd party options.

    I don't want/need additional bloat on my phone - I don't install random apps, and I'm quite comfortable wiping the phone to update it. Sure, I'll use a scanner if/when I start installing random things, but it's basic online hygiene. I don't install random programs on my computer, but I do use a 3rd party antivirus because of all the browsing I do. That isn't something I do on my phone, and when it is, I will take the appropriate precautions.

    --
    - Nec Impar Pluribus, or so I'm told.
  7. Bias? by Anonymous Coward · · Score: 5, Interesting

    The "researchers" tested the service a few days after its release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

    Will they follow up in 6 months? Doubtful, since the results would put Google near the lead, and this article looks like anti-Google.

    What happened to researchers these days? Where's the objectivity?

    1. Re:Bias? by Cenan · · Score: 2

      Your premise is wrong. Why should any kind of antivirus algorithm/software be excused for being "new"? You're either capable of detecting malware or you don't release. You aren't supposed to "learn on the job" with malware detection

      --
      ... whatever ...
    2. Re:Bias? by tooyoung · · Score: 1

      The "researchers" tested the service a few days after its release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

      Would you apply this logic to all products and services, including those made by Apple, Sony, and Microsoft? How long should a service be available before a review or study is acceptable?

    3. Re:Bias? by rh2600 · · Score: 1

      Why not? For all we know their detection may be bayesian based and still has "learning" to do in the field. Maybe this learning can take place in a matter of days with a sampling size as large as Android's. I think a trade-off of some start-up time in return for a system that can cope better with new attempts to circumvent its detection the better. FWIW this article is a beat-up - Google have multiple layers to their malware detection, and they've only tested one layer.

  8. Or maybe... by GeLeTo · · Score: 4, Insightful

    The malware developers test and try to circumvent the Google scanner and don't bother with third-party security apps. If Google buys an app with 100% detection rate and uses it in their scanner, guess what the detection rate will be a few months later.

    1. Re:Or maybe... by tandr · · Score: 1

      115% ? ... because of false positives

    2. Re:Or maybe... by legrimpeur · · Score: 1

      so the "walled garden" has at least one advantage?

  9. But, it's 100% at reporting your apps to Google by GodfatherofSoul · · Score: 1

    n/t

    --
    I swear to God...I swear to God! That is NOT how you treat your human!
  10. Re:the methods are probably patented by poetmatt · · Score: 1

    umm, you realize that a ton of troll accounts were created in the 175k-230k UID range, right?

    He basically forgot to click the Anon box.

  11. Re:the methods are probably patented by neokushan · · Score: 1

    Actually no, I did not realise that. My own user ID is a good reflection upon when I joined Slashdot. Was there some sort of botting incident or something that happened before then?

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  12. Infected? by rumith · · Score: 1

    I wonder if this is the correct term: "infected" means that the author had written a benign application, while an attacker somehow got control over his distribution channel and modified the app to his needs. Meanwhile, I believe that in a significant number of cases cheap apps are written and distributed by malicious authors. So yep, they're dangerous, and no, they're neither infected nor otherwise modified.

  13. Re:the methods are probably patented by mrbester · · Score: 1

    Damn. That explains a lot.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  14. Re:the methods are probably patented by poetmatt · · Score: 1

    hahaha :) a ton != all.

  15. Explain. by LoudMusic · · Score: 1

    So who detected the remaining 85% in order to give us this statistic of 15% detection rate? And why isn't that being used instead?

    --
    No sig for you. YOU GET NO SIG!
    1. Re:Explain. by Cenan · · Score: 4, Informative

      All the samples fed to the various detectors were infected, that's the problem with this "research", they lack a control group.

      --
      ... whatever ...
  16. Actual detection? by bickerdyke · · Score: 2

    Does any of the mentioned "existing third party products" really DETECT malware? Or do they only check apks against lists of manually compiled checksums?

    --
    bickerdyke
  17. Why "only"? by allo · · Score: 1

    It detects 15% of malicious apps, which would otherwise go undetected. That's better than not having this service.

    1. Re:Why "only"? by godel_56 · · Score: 1

      It detects 15% of malicious apps, which would otherwise go undetected. That's better than not having this service.

      But looking at the alternatives (from TFA) even lowly ClamAV detected 51%, and two of the commercial programs detected 100% of the malware samples (looks like Avast and Symantec).

      If you're beaten by ClamAV, well man, that is embarrassing. Oh, and Clam is free as well.

    2. Re:Why "only"? by allo · · Score: 1

      clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.
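
The two measurement points raised in this thread (a detector that flags everything scores 100% detection, and a hash list misses any file that differs by one bit), as an added Python example that is not part of any comment. The byte strings are constructed stand-ins for APK files, `MARKER` is a harmless placeholder pattern, and the hash-list model follows the commenter's description of the Google service, not a confirmed design.

```python
import hashlib

# Constructed byte strings standing in for APK files; MARKER is a harmless
# placeholder for a code pattern shared by one malware family.
MARKER = b"FAMILY-X-PAYLOAD"
known_bad = [b"app-one:" + MARKER, b"app-two:" + MARKER]
# Same family, repackaged: each differs from a known sample by one byte.
variants = [b"app-one;" + MARKER, b"app-two:" + MARKER + b"\x00"]
# Control group of clean files, needed to measure false positives.
benign = [b"flashlight", b"notes-app", b"podcast-player"]

BLOCKLIST = {hashlib.sha256(s).hexdigest() for s in known_bad}


def hash_blocklist(sample):
    """Flag only files whose SHA-256 is already on the list."""
    return hashlib.sha256(sample).hexdigest() in BLOCKLIST


def content_scanner(sample):
    """Flag files that contain the family's byte pattern."""
    return MARKER in sample


def deny_all(sample):
    """Flag everything: perfect detection, useless in practice."""
    return True


def evaluate(detector, malicious, clean):
    """Return (detection rate, false positive rate) as fractions."""
    detected = sum(detector(s) for s in malicious)
    false_pos = sum(detector(s) for s in clean)
    return detected / len(malicious), false_pos / len(clean)


def report():
    """Score every detector on the same malicious set and control group."""
    malicious = known_bad + variants
    return {d.__name__: evaluate(d, malicious, benign)
            for d in (hash_blocklist, content_scanner, deny_all)}


if __name__ == "__main__":
    for name, (dr, fpr) in report().items():
        print(f"{name:16} detection={dr:.0%} false_positive={fpr:.0%}")
```

Without the `benign` control group, `deny_all` and `content_scanner` are indistinguishable, which is the gap the thread points out in a test that reports detection rate alone.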

    3. Re:Why "only"? by godel_56 · · Score: 1

      clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.

      Users aren't concerned with how it works, only if it works, and to some extent how much it costs. The Google service may actually be harmful by giving a false sense of security to noob users.

    4. Re:Why "only"? by hobarrera · · Score: 1

      Not really, because it gives users a false sense of security - they believe the apps have been scanned, but they've been scanned rather poorly.

    5. Re:Why "only"? by allo · · Score: 1

      still better than not scanned.

    6. Re:Why "only"? by hobarrera · · Score: 1

      Not really.
      If you tell users that apps have been scanned, they install them with a [false] sense of security, believing that the scanning process is protecting them.
      If you tell them stuff isn't scanned, they'll probably tend to be slightly more careful (lots will still screw up though).

    7. Re:Why "only"? by allo · · Score: 1

      Google does not tell it's scanning. It just does it, and alerts the user if it's malware-positive. If it's negative, the user gets no message at all.

  18. Incorrect use of word "Malware" by SuperKendall · · Score: 1

    So what will you do when your Apple device doesn't just work?

    And then you link to a story about ONE app that uploaded an address book somewhere. That was it.

    How is that Malware? At best it's spyware. And it wouldn't even be able to do that under iOS6 without asking for permission to access contacts.

    Meanwhile probably 25 of Android software is scraping your contacts but who cares about that? It's just expected on Android that most apps will violate you somehow I guess.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley