Jump to content

Two-thirds of all Android antivirus apps are frauds

The AchieVer

Recommended Posts

The AchieVer

Two-thirds of all Android antivirus apps are frauds

Only 23 Android antivirus apps had a 100 percent detection rate with no false positives.


An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don't work as advertised.

The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organization's staff looked at 250 Android antivirus apps available on the official Google Play Store.

The report's results are tragicomical --with antivirus apps detecting themselves as malware-- and come to show the sorry state of Android antivirus industry, which appears to be filled with more snake-oilers than actual cyber-security vendors.


The AV-Comparatives team said that out of the 250 apps they've tested, only 80 detected more than 30 percent of the malware they threw at each app during individual tests.


The tests weren't even that complicated. Researchers installed each antivirus app on a separate device (no emulator involved) and automated the device to open a browser, download a malicious app, and then install it.


They did this 2,000 times for each app, having the test device download 2,000 of the most common Android malware strains found in the wild last year --meaning that all antivirus apps should have already indexed these strains a long time ago.


However, results didn't reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didn't actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach, and merely looked at the package names (instead of their code).


Essentially, some antivirus apps would mark any app installed on a user's phone as malicious, by default, if the app's package name wasn't included in its whitelist. This is why some antivirus apps detected themselves as malicious when the apps' authors forgot to add their own package names to the whitelist.


In other cases, some antivirus apps used wildcards in their whitelist, with entries such as "com.adobe.*".


In these cases, all a malware strain had to do was to use a package name of "com.adobe.[random_text]" to bypass the scans of tens of Android antivirus products.


The organization said it considered the 30 percent detection mark (with zero false positives) as a threshold between legitimate antivirus apps and those it considered ineffective or downright unsafe.


That means that 170 of the 250 Android antivirus apps had failed the organization's most basic detection tests, and were, for all intent and purposes, a sham.


"Most of the above apps, as well as the risky apps already mentioned, appear to have been developed either by amateur programmers or by software manufacturers that are not focused on the security business," the AV-Comparatives staff said.


"Examples of the latter category are developers who make all kinds of apps, are in the advertisement/monetization business, or just want to have an Android protection app in their portfolio for publicity reasons," researchers said.

Furthermore, many of these apps also appeared to have been developed by the same programmer on an assembly line. Tens of apps sported the same user interface, and many were more interested in showing ads, rather than having a fully running malware scanner. 

Antivirus apps collage


Image: AV-Comparatives

The results of the AV-Comparatives study is no surprise for anyone in the cyber-security world who's paid attention to the Android antivirus scene in the past few months.


ESET mobile malware analyst Lukas Stefanko has been warning the public against these threats for months.









Link to comment
Share on other sites

  • Replies 1
  • Views 387
  • Created
  • Last Reply

OK not trying to nitpick but really, if you cannot show the list of those bad apps, there was no need to copy and paste this entire article. if you really wanted to help others that is the article you should search for, and copy and paste, the one with the list of actual apps, not the scaremongering that was  posted

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...