The world of antivirus is already tense. Basically, you are submitting omniscient, omniscient software to your device, trusting that it will keep the bad guys out and not abuse your own access. For Android, this problem is compounded by dozens of apps that are not only ineffective – they're downright bogus.
This is the result of newly published research by AV-Comparatives, a European company that, as its name suggests, conducts tests on antivirus products. In a survey of 250 antivirus apps found in the Google Play Store, only 80 showed basic skills in their jobs, finding at least 30 percent of the 2,000 malicious apps thrown at them by AV-Comparatives. The rest either failed to reach this benchmark, often confused benign apps with malware, or was taken out of the play store altogether. In other words, they stank.
"We used to find and other malicious apps, not working apps. So it's no surprise to find the wrong AV apps, "says Peter Stelzhammer, COO of AV-Bilder. "In times of rogue AV software, you have to be clear about everything."
There are, of course, many failures in many different colors. Some tested antivirus apps tested by AV-Comparatives blocked malicious apps, but also took their own potential risks. Several dozen products ̵
The immediate impact of this approach should be obvious: An anti-virus program based solely on whitelisting will block many absolutely legitimate apps. In some cases, the study by AV-Comparatives even forgot to write the anti-virus apps themselves Whitelist, which led to a Ouroboros of failure.
"In times of AV villains you have to pay attention to everything."
Peter Stelzhammer, AV-Comparatives
This type of whitelisting leads to a second concern. These apps were programmed to trust any package name that starts with "com.adobe. " or "com.facebook. ", for example. However, this also means that hackers could call their malware com.facebook.bigbadvirus and get through anyway. Think again of our bouncer, who in this scenario has specific instructions to keep John Stamos in the club at all times. Our friend would happily pull up the rope for three raccoons in a trench coat as they introduce themselves as John Stamos raccoons.
Why bother getting a fake or at best deeply broken antivirus app? Of course, to capture the personal data of users. Keep in mind that antivirus apps inherently demand and receive deep privileges. "Android apps like these are known to simply push more content onto phones, but they're even more used to collecting data from the phone," said Yonathan Klijnsma, head of threat research at SecurityIQ. "This ranges from basic information such as the model of the phones to GPS queries, phone numbers and other personally identifiable information."
While Google has shut down many of these fraudulent apps, they persist. It is also unclear whether it can reasonably be expected that Google counteracts the tide. "I'm not sure what you expect from Google in relation to these apps," says Mohammad Mannan, a computer scientist at Concordia University, who has researched antivirus software. "In general, as a market operator, Google may not be able to review all apps to verify that the apps meet their announced commitments." Google has not commented on the protective measures taken to keep fake or malicious antivirus software out of the Play Store. Mannan argues that in some ways it would be like punishing a boring game because it was said to be "super exciting."
The good news is that not all Android antivirus programs are worthless. AV-Comparatives found 23 apps that found 100 percent of their malware samples, and others that came closer. If there is a common denominator in trustworthy decisions, they usually come from companies you've heard of, such as F-Secure, Bitdefender, and Symantec, to name but a few. If you insist on installing Antivirus for your Android phone, this is the best rule of thumb.
"Download counts and ratings are not an option anymore," says Stelzhammer. "The reviews can not say anything about the quality of the protection, just for usability, and this does not mean that you are well enough protected. And they can also be fake. "
On the other hand, you could not install an antivirus app. Even good ones can be deceived, especially on a platform that is as permissive as Android. They consume resources at an aggravating rate. Much of the protection they provide can be achieved by staying away from third-party app stores. It's best to help them a bit. In the worst case, they will hurt a lot.
Other great WIRED stories