Antivirus is already fraught. You’re basically inviting all-seeing, all-knowing software onto your device, trusting that it’ll keep the bad guys out and not abuse its own access in the process. On Android, that problem is compounded by dozens of apps that aren’t just ineffective—they’re outright phony. In a survey of 250 Android so-called antivirus apps, only 80 were found to block more than 30% of malware samples. Some of the apps tested didn’t even have any antivirus functionality at all.
AV-Comparatives is an industry research group that rates antivirus programs on their effectiveness. They recently conducted a study of Android antivirus products from the Google Play Store and the results were rather surprising. They tested each app with 2,000 of the most common Android malware threats and recorded which were caught and which were let through. The tests were automated, but were done on real phones rather than emulators.
The test was designed to be easy and as a result, most of the real antivirus apps detected 100% of the samples. Overall, there were about 50 apps that scored above 90%.
As a control, they also tested clean apps to see if the antivirus apps actually scanned the phone. What they found is that many of the supposed antivirus apps simply marked every other app on the user’s phone as suspicious unless it was on a hard-coded list of allowed apps.
Some apps displayed a progress bar during a “scan,” but that was just based on a predefined delay for however many files were on the phone. A few of the apps even detected themselves as risky since the developers forgot to add their own name to the app’s list of allowed apps.
There was also rampant plagiarism among the less-legitimate apps. Many just used the antivirus engine from other reputable application, despite still charging for their own app.
mong the recognizable names that did well were Avast, AVG, Avira, Bitdefender, BullGuard, Emsisoft, ESET, F-Secure, Kaspersky Lab, McAfee, Sophos, STOPzilla, Symantec, Tencent, Trend Micro, VIPRE, Lookout, Malwarebytes, CheckPoint, Webroot and Zemana.
The results of the AV-Comparatives study is no surprise for anyone in the cyber-security world who’s paid attention to the Android antivirus scene in the past few months.
ESET mobile malware analyst Lukas Stefanko has been warning the public against these threats for months.
Some of his past tweets confirm the AV-Comparatives study, with the researcher uncovering Android antivirus apps that detect themselves as malware…
