Anti-Malware
,
Mobility
,
Technology
More Than Half of AV Apps are Ineffective, Testing Firm Finds
More than half of 250 anti-virus applications available in Google’s Play Store offer insufficient protection against malicious software, a security software testing firm reports.
The Austria-based organization, AV Comparatives, warns that some of the security apps were so poorly engineered that they detected themselves as malware. About 10 percent of the apps tested appeared to come from amateur developers more focused on advertising and monetization than security.
See Also: 10 Incredible Ways You Can Be Hacked Through Email & How To Stop The Bad Guys
“Some of the Android security products in our test blocked so few of the malware samples – in some cases literally none – that they cannot reasonably be described as anti-malware apps,” AV Comparatives says in a research report.
The offering of so many ineffective or deceptive apps could prove confusing to users. The number of times an app has been downloaded is not an accurate metric of quality, and user reviews can be faked, AV Comparatives cautions.
Most of the tested apps had a review score of four or higher on Google Play’s five-star scale, making it difficult for users to derive any meaningful, impartial information about an app’s efficacy.
“A successful scam app may be downloaded many times before it is found to be a scam. A recent ‘last updated’ date also does not seem to be a good quality indicator, as many low-scoring apps had relatively recent updates,” AV Comparatives says.
Malware Tests
For its tests, AV Comparatives ran 2,000 of the most common Android malware samples from last year through the 250 anti-virus products, checking their detection and false-positive rates.
The tests were conducted using physical phones – the Samsung Galaxy S9 – which ran Android 8.0, known as Oreo. Some security apps couldn’t run on Oreo, so AV Comparatives used Android 6.01 running on a Nexus 5 instead.
The tests were straightforward: Open the Google Chrome browser on a clean phone, download a malicious sample, open the .apk Android executable file in the file explorer app, then install and execute it.
More than half of the apps – 138 out of 250 – either detected 30 percent or less of the malicious samples or had high false-positive rates, meaning a non-malicious app gets flagged as being bad.
Some apps failed a very basic test. AV Comparatives ran more than 100 legitimate apps through the scanners in an effort to gauge the false positive rate. “Several low-quality apps detected as malware a number of the 100 clean and popular apps from the Google Play Store,” it says.
Other security apps only seemed to be using black-and-white lists for detection. Disturbingly, AV Comparatives says it found more apps this year doing this than during tests the organization did last year.
There can be risks in using whitelists. AV Comparative gives an example of JSON – JavaScript Object Notation – whitelist that includes an entry for “.com.Adobe.”
“While this entry means that all genuine apps made by Adobe (such as the Acrobat Reader app) will be regarded as safe, this mechanism also allows any malicious app to bypass the security scan, simply by using ‘com.adobe.*’ as its package name,” AV Comparatives writes.
One unexpected twist: AV Comparatives found some anti-virus apps failed to add themselves to their own whitelist, which caused the app to flag itself as being malware.
Google Excises Apps
AV Comparatives says a handful of apps it tested have been now flagged by other security software as Trojans or “potentially unwanted applications,” a category reserved for apps that may have some legitimate functionality but also sport other, questionable features, such as bombarding users with ads.
Security apps from 32 other vendors have been removed by Google from the Play Store in the last few months. AV Comparatives says it expects the company to remove more.
In many ways the Android anti-virus scene on is similar to the desktop one a decade ago. In those days, researchers often found malware that purporting to be anti-virus applications.
The desktop scams became more sophisticated later. Instead of masking malware as an anti-virus product, the questionable products did actually have anti-malware functions but at a much less effective level than top ones.
The promoters of low-quality anti-virus products used a variety of search engine optimization and other tricks to boost download rates. Some of the products were also wrapped in with questionable tech support schemes, which have come under repeated examination by the U.S. Federal Trade Commission.