Security Experts:

Many Security Apps on Google Play Inefficient, Fake: Study

Antivirus testing firm AV-Comparatives has analyzed 250 security applications for Android offered on Google Play and found that many of them either fail to detect threats or they are simply fake.

The applications reviewed by AV-Comparatives were tested against 2,000 malicious and 100 clean APKs, totaling over 500,000 test runs. Unsurprisingly, the tests showed that the products of reputable security firms such as Avast, Bitdefender, ESET, F-Secure, G-Data, Kaspersky, McAfee, Sophos, Symantec, Tencent, Trend Micro and Trustwave can detect all malware.

Overall, 70 products blocked over 80% of the malware samples and 80 products blocked over 30% with no false positives -- AV-Comparatives considers antiviruses that block less than 30% as being ineffective or unsafe.

Android apps from 138 vendors were classified as inefficient due to detection rates of under 30% or due to many false positive detections. Some of the apps have been found to incorrectly implement third-party antimalware engines. Others have been removed or will likely be removed from Google Play in the upcoming period as reputable mobile security apps have detected them as trojans, fake AVs or potentially unwanted applications (PUAs).

Many of the applications that AV-Comparatives has classified as “risky” are designed to block almost all applications installed on an Android device, except for apps found on a whitelist, which they consider to be trusted.

“Apart from the apps on their respective whitelists, the risky ‘AV apps’ block almost all other apps, regardless of whether they were installed from the official Google Play Store or not. Some of them do not even bother to add their own packages to their whitelists, causing them to report their own app. If using such an AV app, users can never be sure if any of the other apps on their device are actually malicious, because of the AV app’s ‘block unless whitelisted’ policy. Therefore, we do not consider the protection capabilities of these apps to be appropriate,” AV-Comparatives said.

So-called security apps that rely on blacklists or whitelists to detect threats have been around for some time, but AV-Comparatives says its latest tests have identified a higher number of such applications compared to the previous year. The company believes that the main goal of these apps is to generate easy revenue for their developers and not to actually protect users.

AV-Comparatives says users should only install apps from reputable vendors, rather than rely on data from Google Play, such as user reviews, number of downloads, and the frequency of updates.

Related: Android AV App Collected Data on Tens of Millions Users

Related: Hundreds of Fake Android Antivirus Apps Deliver Malware

Related: Google Removes Vulnerable Library from Android

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.