The company AV-Comparatives, where since 2017 engaged in the search for unscrupulous antivirus for Android, published the results of a large-scale study on security. Experts analyzed 250 popular applications from Google Play, the developers of which promise users of gadgets reliable protection. The test results were very disappointing.
To check the selected 250 antivirus, 100 "clean" APK-files and 2000 infected. In total, more than 500,000 test scans were conducted. During the experiment, experts installed anti-viruses on smartphones, which automatically launched the browser and downloaded infected applications. It is important to note that only widely known viruses detected last year were used — antivirus developers should have known about them. In practice, it turned out that only 80 of the tested applications were able to fix a little more than 30% of infected APK-files and had no false positives. Only 23 anti-viruses managed to detect all threats correctly-mainly products of well-known developers in the field of cybersecurity, such as Avast, Bitdefender, ESET, Kaspersky Lab, McAfee, Sophos, Trend Micro, Trustwave and others.
Antivirus software from 138 different developers found less than 30% of malicious applications and often called viruses popular programs from Google Play.
"We consider such antiviruses to be risky, i.e. inefficient or unreliable. In some cases, applications are just buggy, for example, because developers have poorly implemented a third-party engine. Others show only a few very old malware samples for Android and miss any infected application that contains specific lines of code, allowing them to pass a quick test for acceptance into the app stores," — noted the staff of AV-Comparatives.
Some anti-viruses, instead of checking the code, simply check the applications against their database, which is why many secure applications are designated as malicious, and Vice versa. The most interesting thing is that some antiviruses consider themselves a threat. And some, instead of actually checking applications for malicious code, check only the beginning of their names, so any program that starts, for example, on "com.adobe.*", pass the test.
"When it comes to choosing an antivirus for Android, we recommend that you consider the following factors. User ratings are clearly ineffective because the vast majority of users have no idea whether an application offers effective protection. Some reviews can be forged by developers. Most of the 250 apps we looked at in the Google Play Store got a score of 4 or higher. The number of downloads can also only be a very rough guideline — a successful Scam app can be downloaded many times before it becomes a Scam," experts write.