Two-thirds of Android antivirus apps are frauds and fail to provide protection
A recent report published by an Austrian antivirus-testing lab revealed that almost two-thirds of all Android antivirus apps are fake, unsafe or ineffective.
The antivirus-testing lab, AV-Comparatives conducted research on 250 Android antivirus apps in Google Play Store against 2,000 malware samples. The group found that only 80 of the apps could detect over 30% of the 2,000 malicious samples thrown at them by the testing lab during individual tests with zero false alarms.
The study also found that antivirus apps from 138 vendors detected less than 30% of the Android malware samples, or had a relatively high false alarm rate on popular clean files from the Google Play Store.
“Less than one in 10 of the apps tested defended against all 2,000 malicious apps, while over two-thirds failed to reach a block rate of even 30 percent”, the lab said in a press release.
“The main purpose of these apps seems to be generating easy revenue for their developers, rather than actually protecting their users.”
For the extensive study, the researchers used 2,000 most common Android malware samples of 2018. Further, in order to ensure the most accurate results, researchers installed each antivirus app on physical Android devices instead of emulators and used an automated test process (developed in co-operation with the University of Innsbruck) to open a browser and download a malicious app to install it on the device.
The study showed that only 23 apps detected 100 percent of the malware samples, while 14 apps managed to achieve more than 99 percent.
“We consider those apps to be risky, that is to say, ineffective or unreliable. In some cases, the apps are simply buggy, e.g. because they have poorly implemented a third-party engine. Others detect only a handful of ancient Android malware samples, and allow any apps that contain certain strings, making them likely to pass some quick checks and thus be accepted by the app stores”, the lab said.
AV-Comparatives’ founder and CEO Andreas Clementi says, “Although the number of Android security apps on the market has increased since last year, our test shows that a smaller proportion of the available apps will actually provide effective protection. Last year, a third of the security apps we tested failed to detect even 30 percent of malicious samples; this year, that proportion rose to over two thirds.”
Clementi also warns users to avoid depending on user ratings and download counts to install an anti-virus app on their device, as those can be faked.
“User ratings in the Google Play Store might show that a security app is easy to use. However, without independent testing, users cannot be sure if its detections are genuine, or whether it has given a clean bill of health to a malicious program. Our test report lets you know which programs will protect your Android device, without false alarms,” he added.
In the last few months, Google has removed security apps from 32 vendors from the Play Store with more expected to be removed in the future, says AV-Comparatives.
You can visit the AV-Comparatives site and check out the complete list of all the apps tested with their scores and details of the methodology used.