Android mobile security apps: From the effective to the scam-like

Just under a quarter of mobile security applications for Android phones successfully blocked every one of last year’s top malware threats, but almost a third of the apps failed to stop any, and user-ratings were no guide to effectiveness, according to new test data.

Anti-Virus Comparative, an independent testing lab based in the Austrian ski-resort town of Innsbruck, this week published the results of a large-scale evaluation of security apps available in the tools section of the Google Play store.

Almost all of the 100 apps tested had Google Play store user-ratings above 4 stars, the lab’s founder and CEO Andreas Clementi noted, including those that “failed to offer even basic protection against common threats.” Many also had high download numbers.

“This test shows clearly that when it comes to security, users cannot rely on numbers of downloads or user ratings to determine how effective an app is,” said Clementi in a blog post.

The apps were tested by being installed on real phones — Nexus 5 devices running Android version 6.0.1 Marshmallow. The apps were connected to the Internet via Wi-Fi and allowed to update themselves if needed. Any automatically initiated or suggested user-approved post-install actions (like an initial scan) were carried out, and then a malware threat was downloaded via a browser, opened, installed and executed — unless the app stopped it.

After each step, the security app was allowed time to analyze the malicious sample and notify the user, and the test doesn’t discriminate for the stage at which the malware was blocked. Only malware that was actually able to execute on the device was counted as getting through. Any malware that wasn’t executed was counted as blocked, whether it was stopped before download, opening, install or just before execution.

At the end of the process, which was managed by a server application with a client app on each of the test devices, the malware was deleted, unless it had executed, in which case the whole device was wiped and reinstalled.

“The client [app] monitors file and process changes, newly installed apps and their permissions, as well as reactions of the installed security software to malicious activities on the device. The server remotely controls the test devices via Wi-Fi and organizes the results received by the client applications,” explains the company’s report.

Getting to 100

Automating the process in this way made it possible for Anti-Virus Comparatives to test their 100 security apps against 1,000 pieces of malware found in the wild last year, the report states. “With such samples,” the report explains, detection rates of 100 percent “should be easily achieved by genuine and effective anti-malware apps.”

The following apps had a 100 percent success rate, the tests found: WhiteArmor, Trend Micro, Total Defense, Tencent, Symantec, Sophos, Quick Heal, Psafe, One App, McAfee, Kaspersky Lab, Ikarus, G-DATA, ESET, Emsisoft, Cheetah Mobile, BullGuard, Bitdefender, Baidu DU Apps, AVIRA, AVG, Avast, Antiy and AhnLab.

But the anti-malware apps of AndroHelm, Ascal, Baboon, BitInception, Bluesteeleffect Studios, Brainiacs Apps, CHOMAR, CTPlate, Defenx, EnjoyPlus, Farga, H2, Hornet, IncodeSolutions, Itus, Max Security, NCN-NetConsulting, Play Studio Apps, Pro Tool Apps, Security Defend, SmartDev Studio, Vasa and VSAR detected and blocked fewer than 30 percent of the 1,000 known malicious threats.

“We consider apps scoring below 30 percent on common Android threats to be unsafe and completely unacceptable,” states the company.

The company says that some of the apps should be considered “scams” because they are so ineffective. “In a few cases,” the report acknowledges, “this might be due to apps having been abandoned by the developer and thus no longer being [kept up to date]. Whilst such cases cannot be regarded as scams, we consider it irresponsible of the developers not to remove these apps from the [Google Play] store.”

A small number of products from relatively well-known vendors did not score very well, notes the report, suggesting that “the manufacturers have developed them purely for marketing reasons. That is to say, there is not much money in the Android security-app market, but having an Android app visible in the Google Play Store helps to keep the vendor visible, and may thus promote their other, more profitable products.”

Anti-Virus Comparatives originally set out to test 110 security apps, but some had “so many bugs that they either cannot be installed, or crash so frequently as to be unusable.”