The world of antivirus is full. You usually invite everyone who sees, all the software on your device, confident that it will resume bad people and not tamper with its own access to the process. On Android, that problem is combined with dozens of apps that are not only ineffective-they are explicitly explicit.
That's finding a new published research from AV-Comparatives, a European company that, in its name, tests antivirus products. In a survey of 250 antivirus apps found on the Google Play Store, only 80 have demonstrated the core competence in their jobs by detecting 30 percent or more of the 2,000 malicious AV-Comparatives apps that have been thrown at them . The rest either fails to meet that benchmark, often mistyping benign apps for malware, or getting from the Play Store altogether. In other words, they are sad. "In the past we and others found malicious apps, non-working apps, so it's not really a surprise to find some bogus AV apps as well," says Peter Stelzhammer, COO of AV-Comparatives. "In the times of the AV software heart, you need to know everything."
Frustration has different colors, of course. Some AV-Comparatives antivirus apps are actually tested by a decent job of blocking malicious apps, but identifying potential dangers on their own. Many dozen products-all sharing with a suspicious similar user interface-rely on a "whitelist" approach, meaning that only named apps are allowed to run on the device. Think of it as a bouncer in a club with a very strict visitor list; no one should go, whether they are good or not.
The immediate prediction of the strategy should be obvious: An antivirus based solely on whitelisting will block many completely legitimate apps. In some cases, AV-Comparatives study notes, antivirus apps even forgot the whitelist themselves, which creates a failure of ours.
"During rogue AV software times, you should know everything."
Peter Stelzhammer, AV-Comparatives
This type of whitelisting identifies a second concern. These apps are coded to trust any package name starting with, say, "com.adobe. " or "com.facebook. " But that also means hackers could name their malware com.facebook.bigbadvirus and still be exceeded. Think of our bouncer again, which in this situation has specific instructions to inform John Stamos at the club any time he wants. Our friend is happy to raise the rope for three raccoons in a trench coat, as long as they do not identify themselves as John Stamos Raccoons.
Why go to all the trouble with pushing fake, or the best serious broken, antivirus app? To snap up personal data of users, of course. Remember, antivirus apps are naturally asking, and generally receiving, in-depth permissions. "Android apps like these are well-known for simply pushing more content on phones, but more so that they are only used to collect data from the phone," says Yonathan Klijnsma, head researcher threats to security intelligence firm RiskIQ. "These are from basic information such as phone models, to live GPS polls, phone numbers, and any other personal information to be acquired."
While Google has acquired many deceptive apps, they are still ongoing. It is also unclear if Google can reasonably expect to deal with the size of the water. "I'm not sure what to expect from Google regarding these apps," says Mohammad Mannan, a scientific computer at Concordia University who researched antivirus software. "In general, Google as a market operator may not be able to review all apps to verify if the apps meet their advertising obligations." Google does not comment on what its protections are in place to keep fake or corrupt antivirus software in the Play Store. Mannan said that in some ways it is like repenting a boring game for claiming that it is "very exciting."
The good news is not all Android antivirus is worthless. AV-Comparatives finds 23 apps that get 1
"Downloads and reviews are not an option," Stelzhammer says. "Reviews can not say anything about the quality of protection, just about ease of use, and this does not mean that you're well protected, and they can even be counterfeit."
On the other hand, it's possible you also not install an antivirus app. Even good ones can be foolish, especially on a platform as permissive as Android. They run out of resources at an aggravating rate. And many of the protection they offer can be achieved only by avoiding third-party app stores in the first place. At best, they can help a little. At worst, there will be many illnesses.
More Great WIRED Stories