Two-thirds of Android AV solutions not good enough

Nearly two-thirds of Android antivirus products offered on the market today cannot be considered reliable enough for use, says independent IT and security research institute AV-Test.

As the amount of malicious software targeting the mobile Android platform continues to increase inexorably, AV-Test’s researchers decided to check whether existing mobile AV solutions are up to the task.

Their test involved 41 solutions, which were installed either on an Android emulator or on real devices, and tested with 618 pieces of Android malware – all variants of over 20 different malware families – that included phishing- and banking-Trojans, spyware, bots, root exploits, SMS fraud, premium dialers and fake installers.

The results were the following:

  • 7 of the tested solutions detected more than 90 percent of the used malware. The products in question are developed by Avast, Dr Web, F-Secure, Ikarus, Kaspersky, Zoner and Lookout.
  • 10 of the tried solutions spotted over 65 percent of the used malware. Among those are products by AVG, BitDefender, ESET, Trend Micro, GFI, and mobile AV specialists Super Security and AegisLab.
  • 6 of the solutions identified less than 40 percent of the malware. The solutions in question are those from Bullguard, Comodo, G Data, McAfee, NetQin and Total Defense.
  • 12 of the solutions detected between 0 and 40 percent of the malware, and this group does not include any traditional anti-virus vendor.
  • For the remaining 6 of the 41 tested solutions, the researchers couldn’t determine whether they scanned the malware set correctly, or whether they are able to detect anything at all (including the EICAR test file).

All in all, the researchers concluded that they could recommend the 17 solutions in the first two groups to users, that the rest should be avoided, and that their developers should continue working on them.

“Even if Google now checks all apps on its Android Market, you should consider installing a security app, because nowadays the malware authors are able to load their malicious code after a seemingly clean app has been installed,” commented the researchers, alluding to so-called download Trojans, i.e. applications that download malicious code after being installed.

They also offered some advice to users on how to choose apps from online markets:

To keep your device free of malware even without a security app, you should install apps only from trusted sources, like the Google Android Market or the Amazon Appstore for Android.

Read the comments carefully and check whether the required permissions are reasonable (e.g. a game usually shouldn’t need the permission to read or write SMS unless its description lists the specific features using these permissions).

As it may take between two and four weeks until Google removes malicious apps from its Android Market, you should also be careful with new apps on the market. Wait until apps are well-established, e.g. they were downloaded several thousand times and have many good ratings, or visit the developer’s website, which should at least provide contact information.

The advice is especially good when you consider that existing mobile AV solutions detect malware mostly by using signatures already developed for known variants, and are not capable of detecting malicious apps based on their behavior or heuristics.
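The permission check recommended above can be automated before an app is installed. The following Python code is an added example, not part of the article or of AV-Test's report; it assumes the app's manifest has already been decoded to text XML, and the keyword map, function names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions relevant to the SMS-fraud and premium-dialer families named in the article.
SENSITIVE = {
    "android.permission.SEND_SMS": "can send SMS (premium-rate fraud)",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.WRITE_SMS": "can modify stored SMS",
    "android.permission.CALL_PHONE": "can place calls (premium dialers)",
}

# Assumption: words in the store description that would explain the permission.
JUSTIFYING_WORDS = {"SMS": ("sms", "text message"), "CALL": ("call", "dial")}

# Constructed sample: a game that asks for SMS permissions.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return every permission name declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return [n for n in names if n]


def unexplained_permissions(manifest_xml, description):
    """Flag sensitive permissions that the app description does not account for."""
    desc = description.lower()
    findings = []
    for perm in requested_permissions(manifest_xml):
        if perm not in SENSITIVE:
            continue
        group = "CALL" if perm.endswith("CALL_PHONE") else "SMS"
        if not any(word in desc for word in JUSTIFYING_WORDS[group]):
            findings.append((perm, SENSITIVE[perm]))
    return findings


if __name__ == "__main__":
    for perm, why in unexplained_permissions(SAMPLE_MANIFEST, "A fun puzzle game."):
        print(f"REVIEW: {perm} - {why}")
```

A keyword match on the description is only a heuristic: a flagged permission is a prompt for manual review, and an unflagged one is not proof that the app is safe.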
