SecurityWeek

Many Security Apps on Google Play Inefficient, Fake: Study

Antivirus testing firm AV-Comparatives has analyzed 250 security applications for Android offered on Google Play and found that many of them either fail to detect threats or are simply fake.

The applications reviewed by AV-Comparatives were tested against 2,000 malicious and 100 clean APKs, totaling over 500,000 test runs. Unsurprisingly, the tests showed that the products of reputable security firms such as Avast, Bitdefender, ESET, F-Secure, G-Data, Kaspersky, McAfee, Sophos, Symantec, Tencent, Trend Micro and Trustwave can detect all malware.

Overall, 70 products blocked over 80% of the malware samples and 80 products blocked over 30% with no false positives. AV-Comparatives considers antiviruses that block less than 30% to be ineffective or unsafe.

Android apps from 138 vendors were classified as inefficient due to detection rates of under 30% or due to many false positive detections. Some of the apps have been found to incorrectly implement third-party antimalware engines. Others have been removed or will likely be removed from Google Play in the upcoming period as reputable mobile security apps have detected them as trojans, fake AVs or potentially unwanted applications (PUAs).

Many of the applications that AV-Comparatives has classified as “risky” are designed to block almost all applications installed on an Android device, except for apps found on a whitelist, which they consider to be trusted.

“Apart from the apps on their respective whitelists, the risky ‘AV apps’ block almost all other apps, regardless of whether they were installed from the official Google Play Store or not. Some of them do not even bother to add their own packages to their whitelists, causing them to report their own app. If using such an AV app, users can never be sure if any of the other apps on their device are actually malicious, because of the AV app’s ‘block unless whitelisted’ policy. Therefore, we do not consider the protection capabilities of these apps to be appropriate,” AV-Comparatives said.

So-called security apps that rely on blacklists or whitelists to detect threats have been around for some time, but AV-Comparatives says its latest tests have identified a higher number of such applications compared to the previous year. The company believes that the main goal of these apps is to generate easy revenue for their developers and not to actually protect users.

AV-Comparatives says users should only install apps from reputable vendors, rather than rely on data from Google Play, such as user reviews, number of downloads, and the frequency of updates.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
