Jump to content

Why Android anti-virus apps don't work like normal AV? that's Google's fault


Matsuda

Recommended Posts

s_Android2.jpg

Android users expecting Windows levels of performance from Android-specific anti-virus packages are likely to be disappointed because only Google can automatically delete dodgy apps on Android devices, say malware experts.

Anti-malware bods agree that anti-virus programs on Android can’t remove viruses automatically, meaning that the process needs to be carried out manually by the user in each and every case.

"Android anti-malware applications can block URLs, scan downloads and identify malware that the user may have installed, but they cannot remove malicious applications that are installed by the user," explained Simon Edwards, technical director at Dennis Technology Labs, an experienced antivirus tester and chairman of the Anti-Malware Testing Standards Organization.

"They have to alert the user and hope that the user is able to uninstall them manually, using the usual Android uninstall routine."

Andreas Marx, chief exec of AV-Test, confirmed Edwards' prognosis that Android security applications could only warn about maliciously installed apps, rather than shunting them into quarantine (the norm for equivalent Windows security software).

"The mobile security apps are all running in a sandbox, just like any other app," Marx told El Reg. "Therefore, they are not able to remove malicious apps at their own."

Chocolate factory controls Google malware 'kill switch'

This existing but under-reported behaviour is not inherent to the architecture of Android smartphones and tablets. Edwards told El Reg: "There actually is a way to remove malware from infected devices automatically. Google has a kill switch that can do it. But only Google has that power currently."

Marx confirmed: "Only Google has the power to use it [the 'kill switch'], as far as we know, but in past they only focused on disabling malicious apps which made it into the Google Play store. It looks like that they don't really care about any third party marketplaces, but leave this field to the AV [anti-virus] companies."

We invited Google to explain the design rationale for this treatment of malicious apps on Android devices but are yet to hear back from them. Security apps on rooted devices might be able to get around these restrictions. However Marx reckons the security drawbacks outweigh this modest advantage.

"If you have a rooted device, some anti-malware apps offer additional features, but rooted devices usually have other kind of security issues, therefore we wouldn't recommend this step," he explained.

Marx reckoned the warning feature of Android anti-malware scanners meets the practical needs of consumers and enterprise users.

"Besides this, the majority of security apps offer to run an on-demand scan from time to time to check for other potential harmful stuff on your device. The security app can warn you, so you can uninstall the potential malicious app later," Marx said, adding that "however, the on-installation check is the most important anti-malware feature."

Scores on the doors

The effectiveness of on-demand and on-access detection of malware by Android ant-virus scanners were the main two areas covered by in tests by AV-Test, published last week.

AV-Test put 28 Android security apps through their paces, discovering improved results from previous comparable exercises. Only two products (Zoner Mobile Security and SPAMFighter VirusFighter Android) failed in AV-Test's latest real-world review against 2,124 malicious apps. Al the paid for products from mainstream vendors (Kaspersky, Trend. McAfee, Sophos, etc.) passed, as did freebie scanners from Avast and others.

The malware protection rate during tests run in November and December 2013 was in the range of 42.3 per cent to 100 per cent, with an average detection of 96.6 per cent (6 percentage points better than the testing house's last Android security software review, which was put together in October). Only a few programs created false positives on AV-Test's test systems during the latest review.

An overview of the results can be found here.

The German testing house found that the main difference between free and paid-for Android security apps came from the features they offered rather than in detection of malign apps. Premium security features included functions such as anti-theft, backup and encryption.

The favourable results are welcome given that Android malware is becoming a growing nuisance. In total, AV-Test has already registered more than 1.5 million Android-related malware samples in 2013, and we have more than 1.8 million total in its database. During November 2013, for example, AV-Test was receiving about 6,000 additional unique samples per day.




search_button.gifSource

Link to comment
Share on other sites


  • Replies 14
  • Views 1.7k
  • Created
  • Last Reply

Top Posters In This Topic

  • Dodel

    3

  • Gabben

    3

  • nIGHT

    3

  • Cyberboom

    1

Top Posters In This Topic

"If you have a rooted device, some anti-malware apps offer additional features, but rooted devices usually have other kind of security issues, therefore we wouldn't recommend this step," he explained.

So a rooted device can essentially remove the malware automatically, yet an unrooted device has to rely on an potentially inexperienced user to remove the malware manually ... surely then NOT rooting a device is a security issue ?

Edited by Dodel
Link to comment
Share on other sites


AV companies just want to have more control. :yes:

But that's the point ?, currently unless you have a rooted device, AV's cannot remove malware automatically (unlike it's desktop equivalent) as the AV software cannot get access to the root system files of the device, thus the malware stays on the device until the user manually removes it. To remove it however, the user would need to know which software is infected, which isn't always straight forward.

Given that not everyone who has a smartphone is technologicially adept, we run the risk of having a shed load of devices which are infected, possibly evening running a botnet (MisoSMS), with inexperienced users not knowing they are infected or knowing how to remove the infection.

I use Dr.web AV on a rooted device, and to buy it's £46.xx on google play. Imagine paying that kind of money for an AV only to find out that it cannot remove the infection ONLY tell you it exists on your device, because it doesn't have root access.

It's akin to having a PC, but not being able to have Admin rights, not good.

Edited by Dodel
Link to comment
Share on other sites


Is it mandatory root my mobile?. If I do it, do I have to install a AV afterwards?

No it's mandatory, it just gives you full system access, so you can overclock your device for example, if you did root your device, you would loose everything currently on it, so you would be wise to backup first.

In regards to the AV aspect, NO you do not have to install one, the only reason I run one is because I grab apk's (the installer files), from various sources, but it can't hurt to run one either way.

Who cares? Only idiots get viruses both on android and windows.

Do you run an AV / Firewall ?

Link to comment
Share on other sites


I'm using Dr.Web mobile security for Android and it seems working fine :)

Link to comment
Share on other sites


Who cares? Only idiots get viruses both on android and windows.

Do you run an AV / Firewall ?

Only Windows 8.1 default.

Dodel is asking you if you have an AV / Firewall installed in your android smartphone and not in your pc/laptop.

You need to root your smartphone if you want to install a firewall on it.

Link to comment
Share on other sites


"If you have a rooted device, some anti-malware apps offer additional features, but rooted devices usually have other kind of security issues, therefore we wouldn't recommend this step," he explained.

So a rooted device can essentially remove the malware automatically, yet an unrooted device has to rely on an potentially inexperienced user to remove the malware manually ... surely then NOT rooting a device is a security issue ?

I agree with their assessment actually. If users are so technically inept that they cannot even uninstall an infected app manually following instructions, rooting their device is just a recipe for disaster.

Edited by janedoe
Link to comment
Share on other sites


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...