Two-Thirds of Android Antivirus Apps Are Total BS

An anonymous reader quotes a report from Tom's Guide: Austrian antivirus-testing lab AV-Comparatives tested 250 antivirus apps in Google Play against 2,000 malware samples. They found that only 80 of the apps could stop even a minimal amount of malware. "Less than one in 10 of the apps tested defended against all 2,000 malicious apps, while over two-thirds failed to reach a block rate of even 30 percent," the lab said in a press release. To make sure you're protecting your Android device properly, stick to apps from well-known antivirus companies. Basically, AV-Comparatives said, most Android antivirus apps are phony, and many of them seemed to have been created only to display ads or promote a developer's career. "The main purpose of these apps seems to be generating easy revenue for their developers, rather than actually protecting their users," the AV-Comparatives report said.

In what way were any good?

[SuperKendall]

I am highly suspicious there is even a single AV app that is of any use, even if not actively harmful.

Re:In what way were any good?

[ctilsie242]

I don't understand how AV can be of use on a phone, unless it was running as root. If it is running as just another unprivileged UID, it isn't going to do much.

AV on computers may be justified to tick off checkboxes. On phones with mobile operating systems, the real security needs to be at the app stores.

I wish Google could do a two tier security model:

Tier 1 -- default tier, all apps are curated, scanned by Google's AI for potential mischief, and for an app developer to have an app in Tier 1, they must agree to more stringent requirements, and are put on notice that it doesn't take much for them to have their app chucked from the tier. This is what Amazon does with their Android app store.

Tier 2 -- This is what would be the present state of the Google Play Store.

From here, phones should default to only allow Tier 1, and just like sideloading, tell the user that they don't just walk into Mordor if they want to use Tier 2.

This way, there can be a wide variety of apps, but users have a trustworthy source that is actively curated, and where there is zero mercy shown for developer shenanigans.

Re:Less than 1 in 10?

So does that mean of the 2000, that 200 were OK? Care to give us a list?

The answer to your questions, including the full list, are in the first link from the summary. Please, learn to use your left mousse button before posting on slashdot.

The good ones, according to the article from the second link, are:

Twenty-three apps did detect all malware samples AV-Comparatives threw at them, including Tom's Guide's top three picks: Bitdefender Mobile Security, Norton Mobile Security and Avast Mobile Security.

Our sixth-place pick, Psafe DFNDR, was also in the 100-percent category, although AV-Comparatives noted that DFNDR used Avast's antivirus engine and had not updated itself to run properly on Android 8 Oreo and later. Lookout Mobile Security, our No. 5 pick, was a little behind the others with 99.6 percent. (Google's own Play Protect antivirus software did poorly, with a detection rate of only 69 percent.

Viruses not the problem

[The+Evil+Atheist]

Viruses haven't been a problem for a long time. Not when apps keep asking for permissions for things they shouldn't need, and trick/confuse the user into volunteering their personal data.