The AchieVer Posted March 14, 2019 Share Posted March 14, 2019 Two-thirds of all Android antivirus apps are frauds Only 23 Android antivirus apps had a 100 percent detection rate with no false positives. An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don't work as advertised. The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organization's staff looked at 250 Android antivirus apps available on the official Google Play Store. The report's results are tragicomical --with antivirus apps detecting themselves as malware-- and come to show the sorry state of Android antivirus industry, which appears to be filled with more snake-oilers than actual cyber-security vendors. ONLY 80 OF 250 APPS PASSED A BASIC DETECTION TEST The AV-Comparatives team said that out of the 250 apps they've tested, only 80 detected more than 30 percent of the malware they threw at each app during individual tests. The tests weren't even that complicated. Researchers installed each antivirus app on a separate device (no emulator involved) and automated the device to open a browser, download a malicious app, and then install it. They did this 2,000 times for each app, having the test device download 2,000 of the most common Android malware strains found in the wild last year --meaning that all antivirus apps should have already indexed these strains a long time ago. SOME APPS DON'T ACTUALLY SCAN FOR MALWARE However, results didn't reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didn't actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach, and merely looked at the package names (instead of their code). Essentially, some antivirus apps would mark any app installed on a user's phone as malicious, by default, if the app's package name wasn't included in its whitelist. This is why some antivirus apps detected themselves as malicious when the apps' authors forgot to add their own package names to the whitelist. In other cases, some antivirus apps used wildcards in their whitelist, with entries such as "com.adobe.*". In these cases, all a malware strain had to do was to use a package name of "com.adobe.[random_text]" to bypass the scans of tens of Android antivirus products. SNAKE-OILERS EVERYWHERE!!! The organization said it considered the 30 percent detection mark (with zero false positives) as a threshold between legitimate antivirus apps and those it considered ineffective or downright unsafe. That means that 170 of the 250 Android antivirus apps had failed the organization's most basic detection tests, and were, for all intent and purposes, a sham. "Most of the above apps, as well as the risky apps already mentioned, appear to have been developed either by amateur programmers or by software manufacturers that are not focused on the security business," the AV-Comparatives staff said. "Examples of the latter category are developers who make all kinds of apps, are in the advertisement/monetization business, or just want to have an Android protection app in their portfolio for publicity reasons," researchers said. Furthermore, many of these apps also appeared to have been developed by the same programmer on an assembly line. Tens of apps sported the same user interface, and many were more interested in showing ads, rather than having a fully running malware scanner. Image: AV-Comparatives The results of the AV-Comparatives study is no surprise for anyone in the cyber-security world who's paid attention to the Android antivirus scene in the past few months. ESET mobile malware analyst Lukas Stefanko has been warning the public against these threats for months. Source Link to comment Share on other sites More sharing options...
An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don't work as advertised. The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organization's staff looked at 250 Android antivirus apps available on the official Google Play Store. The report's results are tragicomical --with antivirus apps detecting themselves as malware-- and come to show the sorry state of Android antivirus industry, which appears to be filled with more snake-oilers than actual cyber-security vendors. ONLY 80 OF 250 APPS PASSED A BASIC DETECTION TEST The AV-Comparatives team said that out of the 250 apps they've tested, only 80 detected more than 30 percent of the malware they threw at each app during individual tests. The tests weren't even that complicated. Researchers installed each antivirus app on a separate device (no emulator involved) and automated the device to open a browser, download a malicious app, and then install it. They did this 2,000 times for each app, having the test device download 2,000 of the most common Android malware strains found in the wild last year --meaning that all antivirus apps should have already indexed these strains a long time ago. SOME APPS DON'T ACTUALLY SCAN FOR MALWARE However, results didn't reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didn't actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach, and merely looked at the package names (instead of their code). Essentially, some antivirus apps would mark any app installed on a user's phone as malicious, by default, if the app's package name wasn't included in its whitelist. This is why some antivirus apps detected themselves as malicious when the apps' authors forgot to add their own package names to the whitelist. In other cases, some antivirus apps used wildcards in their whitelist, with entries such as "com.adobe.*". In these cases, all a malware strain had to do was to use a package name of "com.adobe.[random_text]" to bypass the scans of tens of Android antivirus products. SNAKE-OILERS EVERYWHERE!!! The organization said it considered the 30 percent detection mark (with zero false positives) as a threshold between legitimate antivirus apps and those it considered ineffective or downright unsafe. That means that 170 of the 250 Android antivirus apps had failed the organization's most basic detection tests, and were, for all intent and purposes, a sham. "Most of the above apps, as well as the risky apps already mentioned, appear to have been developed either by amateur programmers or by software manufacturers that are not focused on the security business," the AV-Comparatives staff said. "Examples of the latter category are developers who make all kinds of apps, are in the advertisement/monetization business, or just want to have an Android protection app in their portfolio for publicity reasons," researchers said. Furthermore, many of these apps also appeared to have been developed by the same programmer on an assembly line. Tens of apps sported the same user interface, and many were more interested in showing ads, rather than having a fully running malware scanner. Image: AV-Comparatives The results of the AV-Comparatives study is no surprise for anyone in the cyber-security world who's paid attention to the Android antivirus scene in the past few months. ESET mobile malware analyst Lukas Stefanko has been warning the public against these threats for months. Source
dMog Posted March 14, 2019 Share Posted March 14, 2019 OK not trying to nitpick but really, if you cannot show the list of those bad apps, there was no need to copy and paste this entire article. if you really wanted to help others that is the article you should search for, and copy and paste, the one with the list of actual apps, not the scaremongering that was posted Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.