Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two-Thirds of Android Antivirus Apps Are Total BS (tomsguide.com)

Posted by BeauHD on from the waste-of-time-and-money dept.

An anonymous reader quotes a report from Tom's Guide: Austrian antivirus-testing lab AV-Comparatives tested 250 antivirus apps in Google Play against 2,000 malware samples. They found that only 80 of the apps could stop even a minimal amount of malware. "Less than one in 10 of the apps tested defended against all 2,000 malicious apps, while over two-thirds failed to reach a block rate of even 30 percent," the lab said in a press release. To make sure you're protecting your Android device properly, stick to apps from well-known antivirus companies. Basically, AV-Comparatives said, most Android antivirus apps are phony, and many of them seemed to have been created only to display ads or promote a developer's career. "The main purpose of these apps seems to be generating easy revenue for their developers, rather than actually protecting their users," the AV-Comparatives report said.

11 of 67 comments (clear)

  1. In what way were any good? by SuperKendall · · Score: 3, Interesting

    I am highly suspicious there is even a single AV app that is of any use, even if not actively harmful.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:In what way were any good? by ctilsie242 · · Score: 4, Interesting

      I don't understand how AV can be of use on a phone, unless it was running as root. If it is running as just another unprivileged UID, it isn't going to do much.

      AV on computers may be justified to tick off checkboxes. On phones with mobile operating systems, the real security needs to be at the app stores.

      I wish Google could do a two tier security model:

      Tier 1 -- default tier, all apps are curated, scanned by Google's AI for potential mischief, and for an app developer to have an app in Tier 1, they must agree to more stringent requirements, and are put on notice that it doesn't take much for them to have their app chucked from the tier. This is what Amazon does with their Android app store.

      Tier 2 -- This is what would be the present state of the Google Play Store.

      From here, phones should default to only allow Tier 1, and just like sideloading, tell the user that they don't just walk into Mordor if they want to use Tier 2.

      This way, there can be a wide variety of apps, but users have a trustworthy source that is actively curated, and where there is zero mercy shown for developer shenanigans.

    2. Re:In what way were any good? by brunes69 · · Score: 2

      - Google already does "Tier 1" as you have it above.

      - The purpose of AV apps on Android is to protect you when you allow sideloading. If you use the Amazon app store, or the Aptoide app store, or want Fortnite, then you have to allow sideloading. Enabling sideloading opens up more possibility for attack vectors, especially if it is chained with another bug in Chrome or Firefox to let a web page silently install an app somehow. The way they work is they insert themselves as a new app install handler (Android allows this). Before the sideloaded APK is opened, it is scanned by the AV app.

    3. Re:In what way were any good? by kurkosdr · · Score: 2

      This. Thank you The Android sandboxing that prevents a random application from making deep modifications to the OS or from accessing privileged information is the exact same sandboxing that prevents antivirus software from being able to scan the deeper operating system. Think of Android as a non-admin Windows session where UAC prompts fail by default or a sudo-less Desktop Linux session. There is no way you can install a antivirus from that session. Most of these Android "AVs" just fetch a list of installed software (using the appropriate OS APIs) and compare against a blacklist, charging an obscene mark up for the "service". Which BTW the Play Store also does for free on GMS-enabled phones. Android AVs are a scam

  2. Re:Less than 1 in 10? by Anonymous Coward · · Score: 3, Informative

    So does that mean of the 2000, that 200 were OK? Care to give us a list?

    The answer to your questions, including the full list, are in the first link from the summary. Please, learn to use your left mousse button before posting on slashdot.

    The good ones, according to the article from the second link, are:

    Twenty-three apps did detect all malware samples AV-Comparatives threw at them, including Tom's Guide's top three picks: Bitdefender Mobile Security, Norton Mobile Security and Avast Mobile Security.

    Our sixth-place pick, Psafe DFNDR, was also in the 100-percent category, although AV-Comparatives noted that DFNDR used Avast's antivirus engine and had not updated itself to run properly on Android 8 Oreo and later. Lookout Mobile Security, our No. 5 pick, was a little behind the others with 99.6 percent. (Google's own Play Protect antivirus software did poorly, with a detection rate of only 69 percent.

  3. Re: Less than 1 in 10? by Anonymous Coward · · Score: 2, Insightful

    most Android antivirus apps are phony, and many of them seemed to have been created only to display ads

    And this is surprising . . . . . why?

    This is what happens when you create an environment based on "give everything away for free and make money from advertising".

  4. Two-Thirds of ALL Android Apps are total BS by Anonymous Coward · · Score: 2

    and that's being extremely generous

  5. that they found 250 to test in the first place.. by Anonymous Coward · · Score: 2

    ..ought to clue anyone in that the vast majority of them are absolutely bogus. there's probably less than a couple dozen legitimate developers of consumer 'antivirus' products, total, globally, with the resources to even have half a chance at developing and maintaining an 'anti malware' app for android that actually works.

  6. Re:Less than 1 in 10? by drinkypoo · · Score: 2

    We really need to get antivirus down to a charity level of business...

    It's possible to scan files on an Android device with ClamAV, a couple of different ways. As long as you get a rootable device, you can access enough files to make it worth scanning.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. Viruses not the problem by The+Evil+Atheist · · Score: 4, Insightful

    Viruses haven't been a problem for a long time. Not when apps keep asking for permissions for things they shouldn't need, and trick/confuse the user into volunteering their personal data.

    --
    Those who do not learn from commit history are doomed to regress it.
  8. A bit harsh by godel_56 · · Score: 2

    The top 25 programs tested scored a hundred per cent detection rate and there were more below that in the high nineties, so the negative judgement is bit harsh. Moreover the ones that passed are all the usual suspects like Kaspersky, Avira, Avast etc which anyone with any knowledge would be more likely to buy, rather than some weird unknown brand.

    The moral is to stick with the established brands that you know.