Despite improvements over the years, Google's built-in Play Protect malware scanner for Android still offers much less protection than third-party security software, testing by independent lab AV-Comparatives show.
AV-Comparatives tested the latest versions of security software from ten vendors as well as Google's Play Protect on Android "Pie" 9, pitting them against a test set of 3,601 recently collected malicious applications in APK file format.
Of the security programs, Trend Micro detected 100 per cent of malware samples, with Avast, AVG, Avira, Bitdefender, F-Secure, G DATA, Kaspersky and McAfee finding 99.9 per cent of the malicious apps in the test.
Securion's OnAv found 99.4 per cent of malware samples, but Google's Play Protect only detected 83.2 per cent, the worst result in the test.
The test lab also checked for false positives by downloading 500 popular apps. Again, Google's Play Protect was the worst performer, wrongly flagging 28 apps as malware.
While it's free and runs on almost every new Android device, Google's Play Protect "does not yet provide effective protection," AV-Comparatives said and recommended that users run third-party security software as well.
Google has improved Android security over the years, with version 6.0 "Marshmallow" of the operating system bringing in run-time permissions that give users more control over private data sharing with apps.
Further security improvements have been added to later versions of Android. Relatively few devices run new Android versions however: only 10.4 per cent have the latest "Pie" or 9 installed.
AV-Comparatives noted that the risk of getting infected with malware is much higher in Asian countries, China in particular, than in Western countries.
Hundreds of millions of Android devices in China do not have access to Google's Play store, and run rooted with elevated privileges that give apps access to private data and could let them take over devices, the test lab noted.
Whereas in the West Google's Play Store and Apple's App Store dominate the market, almost nobody in China uses these.
Instead, Chinese users access Tencent MyApp, Huawei App Market, Oppo Software Store, 360 Mobile Assistant and similar local app stores which increases the risk of being hit with malware.
For users in Western countries who stick to downloading apps from Google's official Play Store, the risk of their Android devices being infected with malware is relatively low, AV-Comparatives said.
Protection against data loss in case the phone is lost or stolen is more important than malware protection for Android users in the West, the testing lab said.