As Play Store Malware Mounts, Many Android AV Apps Fall Short

How confident are you that your Android anti-virus software is catching malicious code? According to a report released in March by anti-virus testing organization AV Comparatives, it might be time to take a second look. The independent anti-virus tested 250 Android apps claiming to offer anti-virus features; 80 of them detected at least 30% of malicious apps (and most of this segment scored far better than that). These included brand names such as AVG, Panda, MalwareBites and Sophos.

However, 138 anti-virus apps detected fewer than 30% of the 2000 Android malware samples in the AV Comparatives testbed. Most of these are anti-virus apps that you wouldn't have heard of.

“We consider those apps to be risky, that is to say, ineffective or unreliable,” the testing organisation said. Some apps were simply buggy, but others seemed intentionally coded to take shortcuts such as banning everything that wasn't on a whitelist or allowing any apps that contained certain strings. 

AV Comparatives also found several anti-virus apps that were detected as either trojans or ‘potentially unwanted applications’ by legitimate software. 

“It is to be expected that Google will remove most of them from the Google Play Store in the coming months (and hopefully enhance their verification checks, thus blocking other such apps from the store),” AV Comparatives said.

Most of the specious apps are created by amateur programmers, the testing lab warned. Telltale signs included lack of a developer website address or privacy policy, and the tendency to create lots of unrelated apps in the store.

Although Google does conduct automated tests for malicious software on its Play Store, harmful software does slip in. Programs using malicious Exobot code have been found in the Play Store. Just this month, Adware strain SimBad was found in 200 Play Store apps, having been downloaded by around 150 million users.

Malware writers often use smart tricks to bypass Google’s Play Store protections, including the delayed execution of malicious code or the building up of strong reputations that encourage its systems to use less stringent checks. 

So which AV tool won out in the AV Comparatives test? A healthy number of tools scored 100%. See the results here.

The topic of Data Protection will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Data Protection here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.

Brought to you by

What’s hot on Infosecurity Magazine?