Antivirus programs have long held a place of importance on the desktop, but as mobile operating systems have grown in popularity the desktop security dogma has bled over. So indoctrinated are the users that when Android antivirus apps began appearing, users snapped them up. Although, with the flurry of news on Android malware, the users can’t really be blamed for making assumptions. Now a new report from security firm AV-Test lays out how futile this entire exercise may be.
The results
The conclusion reached by AV-Test [PDF] is that free Android anti-malware apps are simply not worth your time. It was quite the cavalcade of failure when the apps were used to scan an Android device loaded down with recent and very real malware. Six of the seven free apps tested failed to get above 10% detection. Only Zoner AntiVirus did any better, but it could only manage 32% detection.
The results make it clear that if you pick up a free antivirus app from the Market, it is likely to miss nine out of ten potential threats. So is the answer to go with the paid apps? AV-Test also took a look at two paid anti-malware solutions for Android to answer that very question. The paid apps were able to scan and detect about half of all installed threats. That still leaves a huge number of malicious packages in the clear.
The other half of the testing was installation blocking. Here, the researchers attempted to install the threats one by one to see if the antivirus apps would spring into action as intended and stop the process. Results were slightly better for the free Zoner app, which blocked 80% of malware. The other free apps, however, failed to detect anything. The paid apps blocked all malware apps from being installed, even those that were not spotted in the manual scans.
What does it mean?
Even in the best outcome for the free apps, with Zoner AV scanning in real time as apps are installed, 20% of known threats slipped right through. These free apps are used by millions of people, if the numbers from the Android Market are to be believed. Almost all of the free apps are little more than a placebo being brought to bear on a very rough and tumble online world.
There is no financial loss here, and you get what you pay for, right? This is a tempting conclusion to embrace, but AV-Test points out a real psychological issue with the use of these free apps. Users can become complacent and neglect security practices when they embrace the claims offered by the creators of the apps. AntiVirus Free, GuardX, and the rest are giving people a false sense of security, which can make them take more risks.
While the paid solutions did have demonstrably better results, they don’t get off scot-free either. Good on them for stopping all the threats from being installed, but far too many previously-installed malware apps were missed. In this case, users are actually paying for the apps and would reasonably expect to be able to sweep their phones clear of malware. Is this level of protection worth paying for?
What users should do
It isn’t terribly surprising that Android anti-malware apps can’t keep a phone free from nasty code. These apps run in the same sandboxed Java environment all the other apps do. They lack the kind of low-level system access on mobile that desktop antivirus apps have had for years. These apps do have good intentions, but by far the best way to avoid malware infestation is to use a little common sense, and understand how Android apps work.
When an app is installed, the system will always display the permissions requested. The user can use this at a glance to evaluate an app’s intentions. If a relatively simple app, like a wrapper for a website, asks for permission to send and receive SMS messages, that is a serious red flag. In fact, a large number of these so-called “SMS Trojans” are in circulation around the seedier parts of the web. When installed, they text premium rate numbers to rack up charges. The same concern exists for apps that include phone calling permissions; they could call premium rate numbers without the user’s knowledge.
Another important permission to be on the lookout for is access to the contact list, and Google accounts. If an app has no business looking at this data, there is a chance that it’s just malware designed to harvest user data for spamming or phishing scams. The only time one might expect to see this permission is in apps that autocomplete contact names, or handle legitimate messaging actions.
Of less concern financially, but still a sign of shady behavior, is the location permission. This can come in either Fine (GPS) or Coarse (Network) varieties. An app that doesn’t need this data for its essential function could be using it for something as innocuous as location-aware ads, but there is a darker possibility as well. A questionable app could harvest a user’s exact location, store it over time, and sell that to advertisers.
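The permission review described above can be automated for an app you are vetting. The following is an added example, not part of the original article or the AV-Test report: it reads a decoded (text) AndroidManifest.xml and reports the SMS, calling, contacts/accounts and location permissions that the app's stated purpose does not explain. The group names, the high/medium/low ranking, the expected_groups parameter and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups from the article; the severity ranking is an assumption
# that follows the order of concern the article gives them.
RISK_GROUPS = {
    "sms": ("high", {"android.permission.SEND_SMS",
                     "android.permission.RECEIVE_SMS"}),
    "calls": ("high", {"android.permission.CALL_PHONE"}),
    "contacts_accounts": ("medium", {"android.permission.READ_CONTACTS",
                                     "android.permission.GET_ACCOUNTS"}),
    "location": ("low", {"android.permission.ACCESS_FINE_LOCATION",
                         "android.permission.ACCESS_COARSE_LOCATION"}),
}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml, expected_groups=()):
    """List (severity, group, permissions) for every risky group the app
    requests that is not in expected_groups, most severe first."""
    perms = requested_permissions(manifest_xml)
    findings = []
    for group, (severity, names) in RISK_GROUPS.items():
        hit = sorted(perms & names)
        if hit and group not in expected_groups:
            findings.append((severity, group, hit))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))
    return findings


# Constructed sample: a website wrapper that asks for far more than INTERNET.
WEB_WRAPPER_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sitewrapper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for severity, group, perms in audit(WEB_WRAPPER_MANIFEST):
        print(f"[{severity}] {group}: {', '.join(perms)}")
```

Pass expected_groups for capabilities the app legitimately needs, for example {"sms", "contacts_accounts"} for a messaging app, so that only unexplained requests are reported.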
The best way to stay safe on Android is to just stick to established apps from the official Android Market or the Amazon Appstore. While bad apps do occasionally show up in the Market, Google removes them swiftly and can remotely kill the apps on phones.
Most of the truly dangerous threats have been detected on forums and third-party websites masquerading as well-known apps. Basically, don’t install a version of “Cut the Rope” obtained from a Chinese pirated software forum. By leaving the Unknown Sources option disabled in the Android settings, apps cannot even be sideloaded from other sources, which blocks this vector completely.
It just takes a little forethought to avoid the most serious Android malware threats out there. Sticking to the official application repositories is a good policy, as is checking out the permissions for an app. Users might even prefer to leave the Unknown Sources option disabled. There is now good evidence that free Android antivirus apps just don’t work, and could even cause users to believe they are protected, and thus take more risks. Paid antivirus apps work better, detecting more threats, but still fall short of the mark. In the end, it is still very much up to the user to be on the lookout for suspicious behavior in order to stay safe.