Two-thirds of Android antivirus apps don’t work

The Google Play Store is filled with bogus antivirus apps

Recently, independent research organization AV-Comparatives tested 250 antivirus applications on the Google Play Store. The findings were disappointing.

A majority of the apps were ineffective at identifying malicious software. In addition, many wrongly labeled safe applications as potentially harmful. For Android users, the key takeaway is to stick with antivirus apps from reputable companies and take other protective measures.

AV-Comparatives’ Revealing Study

AV-Comparatives presented more than 2,000 malicious programs to 250 antivirus apps. Ultimately, only 32 percent demonstrated a basic level of competence. The researchers defined “competence” as being able to identify at least three out of every ten harmful apps.

“In the past, we and others found malicious apps, non-working apps, so it is not really a surprise to find some bogus AV apps as well, “ said COO of AV-Comparatives, Peter Stelzhammer. “In the times of rogue AV software, you have to be aware of everything.”

The cybersecurity software also failed to perform in other ways. For example, some merely performed “whitelist” scans, checking newly installed applications against a preapproved list. Unfortunately, some of those apps didn’t whitelist themselves which caused the utilities to stop working. Others were coded to screen for certain naming conventions, leaving the door open for destructive apps to disguise themselves as harmless programs.

Why Launch a Bad Antivirus App?

AV-Comparatives believe developers release weak antivirus apps for the purpose of collecting user data. Antivirus programs need deep permissions to work effectively. As a result, they also have access to a lot of personal information other companies are willing to buy.

“Android apps like these are notorious for simply pushing more content on phones, but even more so they are simply used to gather data from the phone,” said RiskIQ researcher, Yonathan Klijnsma. “This ranges from basic information, like the model of the phones, towards like GPS polling, phone numbers, and any other personally identifiable information.”

Google has removed many of these phony antivirus apps from its Play Store. However, verifying the entire marketplace isn’t viable. Today, there are around 2.6 million apps available for download.

Looking on the Bright Side

On a positive note, AV-Comparatives did find a few apps that performed very well. For instance, 23 of the apps tested identified 100 percent of the malicious software used in the study. Several others came close to perfection.

The common thread between the makers of effective antivirus apps is the quality of their developers. The utilities that performed the best came from reputable cybersecurity organizations that have been in the game for a while. Included among the best were established firms like Bitdefender and Symantec.

Stelzhammer encourages Android users to protect their personal data with programs made by proven companies. “Download counts and reviews are not an option anymore,” he says. “The reviews cannot say anything about the quality of protection, only about the ease of use.”