Facepalm: In a survey of 250 Android so-called antivirus apps, only 80 were found to block more than 30% of malware samples. Some of the apps tested didn’t even have any antivirus functionality at all.
AV-Comparatives is an industry research group that rates antivirus programs on their effectiveness. They recently conducted a study of Android antivirus products from the Google Play Store and the results were rather surprising. They tested each app with 2,000 of the most common Android malware threats and recorded which were caught and which were let through. The tests were automated, but were done on real phones rather than emulators.
The test was designed to be easy and as a result, most of the real antivirus apps detected 100% of the samples. Overall, there were about 50 apps that scored above 90%.
As a control, they also tested clean apps to see if the antivirus apps actually scanned the phone. What they found is that many of the supposed antivirus apps simply marked every other app on the user’s phone as suspicious unless it was on a hard-coded list of allowed apps.
Some apps displayed a progress bar during a “scan,” but that was just based on a predefined delay for however many files were on the phone. A few of the apps even detected themselves as risky since the developers forgot to add their own name to the app’s list of allowed apps.
There was also rampant plagiarism among the less-legitimate apps. Many just used the antivirus engine from other reputable application, despite still charging for their own app. Some of the apps went as far as copying the interface of the legitimate app as shown below.
It can sometimes be difficult to determine which apps are real since shady developers can purchase comments and ratings.
Update frequency or number of downloads isn’t the best indicator either. AV-Comparatives recommends sticking with well-known brands since the watered-down free version of a real app is better than any scam app.
Among the recognizable names that did well were Avast, AVG, Avira, Bitdefender, BullGuard, Emsisoft, ESET, F-Secure, Kaspersky Lab, McAfee, Sophos, STOPzilla, Symantec, Tencent, Trend Micro, VIPRE, Lookout, Malwarebytes, CheckPoint, Webroot and Zemana. Check out the report for the full list.
We are also surprised about the amount of bogus “security” software that is being distributed on Google Play with no intervention whatsoever from the platform. We also have to assume the owners of the AV apps that are legitimate, whose work is scrapped by others, have tried at some point to correct this wrong but app stores in general are really hard to deal with, hence the large number of crappy apps waiting to be discovered. Google eventually removes most of them, but not before thousands of users download them.