The world of antivirus is already full. You are basically inviting all-knowing software onto your device, trusting that it will keep the bad guys out and not abuse its own access in the process. On Android, that problem is compounded by dozens of apps that are not just ineffective; they're outright phony.
That's the finding of newly published research by AV-Comparatives, a European company that, as its name suggests, tests antivirus products. In an overview of 250 antivirus apps found in the Google Play Store, only 80 demonstrated basic competence at their jobs by detecting 30 percent or more of the 2,000 malicious apps AV-Comparatives threw at them. The remainder either failed to meet that benchmark, often mistook benign apps for malware, or have been pulled from the Play Store altogether. "In the past we and others found malicious apps, non-working apps, so it's not really a surprise to find some bogus AV apps as well," says Peter Stelzhammer, COO of AV-Comparatives. "In the times of rogue AV software, you have to be aware of everything."
Failure comes in many different colors, of course. Some of the antivirus apps AV-Comparatives tested actually did a decent job of blocking malicious apps, but introduced potential risks of their own. Several dozen products, all of which share a suspiciously similar user interface, relied on a "whitelist" approach, meaning that only specific named apps were allowed to run on the device. Think of it as a bouncer in a club with a very strict guest list.
The immediate ramification of this approach should be clear: An antivirus that relies on whitelisting will block lots of perfectly legitimate apps. In some cases, the AV-Comparatives study notes, the antivirus apps even forgot to whitelist themselves, creating an ouroboros of failure.
This kind of whitelisting introduces a secondary concern. These apps were coded to trust any package name that starts with, say, "com.adobe." or "com.facebook." But that also means hackers could name their malware com.facebook.bigbadvirus and still get through. Think again of our bouncer, who in this scenario has specific instructions to let John Stamos in the club whenever he wants. Our friend would happily raise the rope for three raccoons in a trench coat, as long as they introduced themselves as the John Stamos Raccoons.
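The prefix check described above, together with the self-blocking failure the study notes, modelled as an added example (not code from the tested apps or from AV-Comparatives). It contrasts prefix matching with an allowlist keyed on exact package name plus signing-certificate digest, which is an assumed mitigation rather than something the study prescribes; apart from com.facebook.bigbadvirus, which is the article's own name, every package name and certificate value is a constructed placeholder.

```python
import hashlib

def cert_digest(cert: bytes) -> str:
    """SHA-256 fingerprint of an app's signing certificate."""
    return hashlib.sha256(cert).hexdigest()

# Constructed placeholders standing in for real signing certificates.
VENDOR_CERT = b"constructed-vendor-cert"
SCANNER_CERT = b"constructed-scanner-cert"
UNKNOWN_CERT = b"constructed-unknown-cert"

# Weak allowlist as the article describes it: any name with these prefixes.
TRUSTED_PREFIXES = ("com.adobe.", "com.facebook.")

# Assumed hardened allowlist: exact package name -> expected signer digest.
# The scanner lists itself, so it cannot end up blocking its own package.
PINNED = {
    "com.facebook.sampleapp": cert_digest(VENDOR_CERT),
    "com.example.scanner": cert_digest(SCANNER_CERT),
}

def prefix_allows(package: str) -> bool:
    """Flawed check: the developer-chosen name alone decides trust."""
    return package.startswith(TRUSTED_PREFIXES)

def pinned_allows(package: str, signer_cert: bytes) -> bool:
    """Allow only an exact name whose signer matches the pinned digest."""
    return PINNED.get(package) == cert_digest(signer_cert)

def spoof_candidates(installed):
    """Packages the prefix rule trusts but the pinned rule rejects."""
    return [pkg for pkg, cert in installed
            if prefix_allows(pkg) and not pinned_allows(pkg, cert)]

# Constructed inventory of (package name, signing certificate) pairs.
INSTALLED = [
    ("com.facebook.sampleapp", VENDOR_CERT),     # genuine name and signer
    ("com.facebook.bigbadvirus", UNKNOWN_CERT),  # the article's spoofed name
    ("com.facebook.sampleapp", UNKNOWN_CERT),    # right name, wrong signer
    ("com.example.scanner", SCANNER_CERT),       # the antivirus app itself
]

if __name__ == "__main__":
    for pkg, cert in INSTALLED:
        print(f"{pkg:26} prefix={prefix_allows(pkg)} pinned={pinned_allows(pkg, cert)}")
    print("flag for review:", spoof_candidates(INSTALLED))
```

On Android the package name is chosen freely by whoever builds the app, while the signing certificate ties a build to its publisher, which is why the second check keys on both.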
Why go through all the trouble of pushing a fake, or at best deeply broken, antivirus app? To snap up users' personal data, of course. Remember, antivirus apps by nature ask for, and generally receive, deep permissions. "Android apps like these are notorious for simply pushing more content on phones, but even more so they are simply used to collect data from the phone," said Yonathan Klijnsma, chief threat researcher at RiskIQ Security Intelligence.
While Google has taken down a lot of these fraudulent apps, they still persist. It's also unclear whether Google can reasonably be expected to stem the tide. "I'm not sure what to expect from Google about these apps," says Mohammad Mannan, a computer scientist at Concordia University who has researched antivirus software. "In general, Google as a market operator may not be able to check all apps to verify if the apps meet their advertised obligations." Google did not comment on what protections it has in place to keep fake or faulty antivirus software out of the Play Store. Mannan argues that in some ways it would be like penalizing a boring game for claiming it was "super exciting."
The good news is that not all Android antivirus is worthless. AV-Comparatives found 23 apps that caught 1
"Download counts and reviews are not an option anymore," says Stelzhammer. "The reviews cannot say anything about the quality of protection, just about the ease of use, and that does not mean that you are protected well enough. And they can be fake as well."
On the other hand, you could also not install an antivirus app. Even good ones can be fooled, especially on a platform as permissive as Android. They drain resources at an aggravating rate. And a lot of the protection they offer can be achieved by simply staying away from third-party app stores in the first place. At best, they'll help a little. At worst, they'll hurt a lot.