Testing reveals sad state of Android anti-malware apps

Many Android anti-malware apps in Google's Play Store are written by amateurs and offer little or no protection against security threats, a large test of security products has found.

Researchers from independent testing lab AV Comparatives downloaded 110 anti-malware apps from Google Play, including reputable brands such as Symantec, ESET, F-Secure, Avast, and Kaspersky.

The researchers said genuine and effective anti-malware apps should be able to easily achieve detection rates of between 90 to 100 percent.

They conducted 100,000 test runs with the chosen apps against a set of the top 1000 Android malware threats from 2016, and found that only 24 of the 110 security products detected all malicious Android packages.

Twenty-one apps detected between 90.2 and 99.9 percent of malware samples, AV Comparatives said in its report.

A further 21 anti-malware apps fell into the 30 percent or lower detection rate category, which AV Comparatives deems as unsafe and unacceptably low.

Some programs did not find any malware samples at all, and of the 110 anti-malware apps tested, nine "were so buggy that they could not be installed/tested", AV Comparatives said.

Five contained unsafe features, collected personally sensitive data from user devices, or said they used well-known or effective anti-virus engines when they did not.

The testing took place in January. AV Comparatives noted that Google removed ten anti-malware apps from the Play Store during the testing period.

The removed apps, along with those deemed unsafe and with low protection scores, appear to have been coded by amateurs or companies not in the security business. Many of the poorly-performing and unsafe apps had no privacy policy, a requirement that Google is yet to enforce in the Play Store.

Some reputable developers' apps did not score highly in the tests. AV Comparatives speculated that they were developed and added to Google Play purely for marketing reasons.

"... there is not much money in the Android security app market, but having an Android app visible in the Google Play Store helps to keep the vendor visible, and may thus promote their other, more profitable products such as Windows security programs," AV Comparatives said. 

Ratings and reviews no help to users

AV Comparatives was inspired to undertake the testing by a fake anti-malware application, Virus Shield, that was distributed via Google Play in 2014.

While not malicious, Virus Shield had no anti-virus functionality at all. Google was forced to yank the app from Play and refund tens of thousands of customers who had paid for it.

At the time, Google advised users to check the ratings and reviews of apps before buying them.

But such a user-based reputation system has not helped avoid poor quality and useless anti-malware apps on Google Play, due to fake reviews and positive ratings from duped users, AV Comparatives noted.

"Of the apps tested for this report, practically all had a rating of 4 or higher, even though a number of them turned out to be ineffective," the researchers wrote.