Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google App Verification Service Detects Only 15% of Infected Apps

Posted by samzenpus on from the low-expectations dept.

ShipLives writes "Researchers have tested Google's app verification service (included in Android 4.2 last month), and found that it performed very poorly at identifying malware in apps. Specifically, the app verification service identified only ~15% of known malware in testing — whereas existing third-party security apps identified between 51% and 100% of known malware in testing."

16 of 99 comments (clear)

  1. It's a placebo by Shaman · · Score: 3, Funny

    Much like Windows Defender. Or in the case of Window 8, Window Defender.

    --
    ...Steve
    1. Re:It's a placebo by Anonymous Coward · · Score: 5, Insightful

      What malware problem?

      You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the the user clicks "okay"?

      That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.

    2. Re:It's a placebo by swillden · · Score: 2

      Well, yes. I expect my computer to just work, I am entitled to that which I paid for. If Android can't just work then I have no reason to leave the Apple ecosystem.

      So what will you do when your Apple device doesn't just work?

      http://www.forbes.com/sites/adriankingsleyhughes/2012/07/06/first-ios-malware-hits-app-store/

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:It's a placebo by CastrTroy · · Score: 2

      It's ok to sideload stuff from Amazon, and other markets, but that doesn't mean it shouldn't raise some red flags when the app asks for permissions it doesn't need. Also, if You're download a 99 cent app from a warez site, you are a cheapskate, and are almost asking to get conned. That's less than a cup of coffee, or a chocolate bar at most places.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  2. Re:No problem here by schitso · · Score: 2, Insightful

    The solution.

  3. False positive rate? by gman003 · · Score: 4, Interesting

    I wonder, what's the false positive rate on these "third-party" systems? It's easy to make a system that detects 100% of malware as malware - just deny everything.

  4. We've known virus scanners don't work since. by i+kan+reed · · Score: 2, Insightful

    What? 2000, maybe? More specifically, they're part of the test cases of virus writers, who develop until they are circumvented. Why would anyone imagine they do anything useful?

  5. 15% detection rate? by Revotron · · Score: 4, Funny

    McAfee would kill for that.

    1. Re:15% detection rate? by h4rr4r · · Score: 3, Funny

      So be careful not to live next to him, he has already shown he will do it.

  6. I don't want/need this on my phone. by DavidClarkeHR · · Score: 5, Insightful

    Well, it's a good thing there are 3rd party options.

    I don't want/need additional bloat on my phone - I don't install random apps, and I'm quite comfortable wiping the phone to update it. Sure, I'll use a scanner if/when I start installing random things, but it's basic online hygene. I don't install random programs on my computer, but I do use a 3rd party antivirus because of all the browsing I do. That isn't something I do on my phone, and when it is, I will take the appropriate precautions.

    --
    - Nec Impar Pluribus, or so I'm told.
  7. Bias? by Anonymous Coward · · Score: 5, Interesting

    The "researchers" tested the service a few days after it's release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

    Will they follow up in 6 months? Doubtful, since the results would put Google near the lead, and this article looks like anti-Google.

    What happened to researchers these days? Where's the objectivity?

    1. Re:Bias? by Cenan · · Score: 2

      Your premise is wrong. Why should any kind of antivirues algorithm/software be excused for being "new"? You're either capable of detecting malware or you don't release. You aren't supposed to "learn on the job" with malware detection

      --
      ... whatever ...
  8. Or maybe... by GeLeTo · · Score: 4, Insightful

    The malware developers test and try to circumvent the Google scanner and don't bother with third-party security apps. If Google buys an app with 100% detection rate and uses it in their scanner, guess what the detection rate will be a few months later.

  9. Re:No problem here by h4rr4r · · Score: 2

    Because his complaint is really the crap that was in the ROM his provider installed. Not malware.

    There are two solutions for this, the first being do some research before buying a smartphone the other being install a ROM that does not include this sort of bloatware.

  10. Actual detection? by bickerdyke · · Score: 2

    Does any of the mentioned "existing third party products" really DETECT malware? Or do they only check apks against lists of manually compiled checksums?

    --
    bickerdyke
  11. Re:Explain. by Cenan · · Score: 4, Informative

    All the samples fed to the various detectors were infected, that's the problem with this "research", they lack a control group.

    --
    ... whatever ...