Android Anti-Malware Software Not Catching Malware

It isn’t a good time to be a user of Android. Not only is Google being sued by two separate individuals (one for invasion of privacy on his phone after Google’s new ‘privacy’ policy, the other for being caught by a Google Street View camera while urinating in his garden), it is also being sued by BT, Microsoft and Apple. Not only is the search giant itself constantly plagued with trouble, so too is its mobile operating system Android.

It’s no secret that Android has more than its fair share of malware and ‘trouble’ apps in its Market – giving a bad name to open-source software, although in reality it’s nothing to do with Android being open-source (which can only be claimed in the most tenuous way) but Google’s “we don’t really give a shit, we’re only in it for the advertising anyway” approach.

Users concerned about rogue apps would install one of the various anti-malware apps available in the same way PC users install anti-virus. But recent tests found that two-thirds of the anti-malware scanners available for Android aren’t up to the job, including Comodo, McAfee, NetQin and Bullguard.

AV-Test put 41 separate malware scanners through testing, and almost two-thirds (66%) are unreliable and not to be trusted to do their job. How unreliable? Of the 618 types of malware tested, the scanners picked up less than 65%. The ones that are up to the job are the professional packages that we expect to work, and they caught over 90% of the Android malware that they were exposed to – Dr Web, Lookout, Zoner, Kaspersky, Ikarus, F-Secure and Avast.

There were also those products that scored better than 65% but less than 90%, and again these are names we expect to do well catching malware – AVG, ESET, Norton/Symantec and Webroot among them.

In addition to that, there were some that scored less than 40%, and while none of them are from recognised software makers, most of them failed to acknowledge that a well-known Trojan had been opened, let alone find anything during a routine scan.

The problem with these results is the sheer amount of malware targeting Android, and thus its large number of users. According to AV-Test there were over 11,000 different types of Android malware, and to give some context for how quickly that number has grown, there were only 2,000 at the end of October 2011. The malware includes phishing and banking Trojans, spyware, SMS fraud Trojans, fake installers and premium diallers, and with it all lurking in the Market, the very least you want (if not a new operating system) is a reliable anti-malware scanner.


As if it isn’t enough that Google can’t even keep track of what’s entering its Market, it appears it can’t even be trusted to properly code its own software, as it is revealed that there is a weakness in Android phones that makes it possible for attackers to record phone calls secretly, monitor location data and gain access to other private data – without the user even knowing.

According to a paper written by researchers from North Carolina State University, Android phones by HTC, Samsung, Motorola and Google contain code that grants powerful capabilities to apps that are not trusted. These “explicit capability leaks” circumvent the key security defences in Android that require users to give apps permission to access personal information and functions, such as location and text messages. Part of Android’s appeal is its customisation and that the hardware vendors can add their own ‘skin’ and services to the basic model provided by Google, yet it is these very customisations that make the weakness possible. The researchers stated that, “We believe these results demonstrate that capability leaks constitute a tangible security weakness for many Android smartphones in the market today…Particularly, smartphones with pre-loaded apps tend to be more likely to have explicit capability leaks.”

The researchers’ tests found that the HTC EVO 4G was the most vulnerable, leaking eight functions that include text messages, audio recording and precise geographic location. The second most vulnerable was the HTC Legend with six leaks – making HTC a particular manufacturer to avoid. The Samsung Epic 4G has three leaks, including the ability to clear applications and data from the phone. Part of the problem is that the Android Market does not perform any security checks on the applications that come pre-bundled with certain phones; Google’s way to deal with this was the permission-based security model – where users have to agree to an app’s wants and needs before it runs for the first time. However, the enhancements supplied by the manufacturers offer a way to get around this security feature. According to the researchers, Google and Motorola (now owned by Google) have confirmed these vulnerabilities. By contrast, HTC and Samsung “have been really slow in responding to, if not ignoring, our reports/inquiries.”

The researchers who found this problem are the same ones that found other security vulnerabilities in Android, including the presence of at least twelve malicious apps in the Market. The apps, which stole data, remained in the Market for months and were downloaded hundreds of thousands of times before they were removed, which only happened after the researchers informed Google.

Are these concerns over privacy reason enough to avoid Android?