Android's built-in malware scanner gets a failing grade

A computer scientist has uncovered weaknesses in the application verification service Google recently rolled out to help users detect malicious apps on their Android smartphones and tablets.

"By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android," Xuxian Jiang, a professor of computer science at North Carolina State University, wrote in a brief report published Monday. "However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement."

Jiang exposed Nexus 10 tablets running the Jelly Bean version of Android to 1,260 samples of malicious apps and found that the built-in scanner detected only 193 of them. That indicates a detection rate of just 15.32 percent.

Jiang also found the performance of Google's app verification lagged well behind the performance of 10 representative antivirus apps offered by third-party companies such as Avast, Symantec, and Kaspersky Lab. He did this by picking a pseudorandom code sample from each of 49 malware families. Overall, the detection rates of the AV packages were 51 percent to 100 percent, compared with 20 percent for the Google service, which is included with the Google Play app. The scanning service, which examines apps downloaded from Google Play as well as alternate sources, is optional, although it's on by default. Jiang's report didn't rank the specific AV apps or list the detection rates for each one by name.

A chief reason the app verification service misses so much malware is its reliance on cryptographic hash signatures to identify apps known to be malicious.

"This mechanism is fragile and can be easily bypassed," Jiang wrote. "It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it). To be more effective, additional information about the app may need to be collected. However, how to determine the extra information for collection is still largely unknown—especially given user privacy concerns."
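The brittleness of whole-file checksum matching can be seen from the detection side in the following added example, which is not code from Jiang's report or from Google's service. It compares an exact-match blocklist with a per-member content digest over constructed ZIP archives (the APK container format); the per-member digest is an assumed illustration of "additional information," and all names and sample bytes are hypothetical.

```python
import hashlib
import io
import zipfile


def build_archive(entries):
    """Build an in-memory ZIP (the APK container format) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def file_checksum(blob):
    """Whole-file SHA-256: the only signal an exact-match blocklist uses."""
    return hashlib.sha256(blob).hexdigest()


def entry_digests(blob):
    """SHA-256 of each member's uncompressed content, ignoring ZIP metadata."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def checksum_hit(blob, blocklist):
    """True only when the archive is byte-for-byte identical to a listed one."""
    return file_checksum(blob) in blocklist


def entry_overlap(blob, known_digests):
    """Fraction of a known sample's members that reappear in this archive."""
    return len(entry_digests(blob) & known_digests) / len(known_digests)


# Constructed stand-ins for archive members; no real app or malware content.
BASE = {
    "AndroidManifest.xml": b"<manifest package='com.example.flagged'/>",
    "classes.dex": b"constructed placeholder bytecode",
    "res/raw/data.bin": b"constructed placeholder resource",
}
KNOWN = build_archive(BASE)
REPACKAGED = build_archive({**BASE, "assets/extra.txt": b"unrelated padding"})
UNRELATED = build_archive({"classes.dex": b"different constructed bytecode"})

BLOCKLIST = {file_checksum(KNOWN)}
KNOWN_DIGESTS = entry_digests(KNOWN)

if __name__ == "__main__":
    for label, blob in [("known", KNOWN), ("repackaged", REPACKAGED), ("unrelated", UNRELATED)]:
        print(label, checksum_hit(blob, BLOCKLIST), entry_overlap(blob, KNOWN_DIGESTS))
```

The repackaged archive misses the checksum blocklist yet shares every member digest with the known sample. Per-member digests still fail once the member contents themselves are mutated, which is the second case the quoted passage names.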

Jiang also faulted the service for hosting the scanner solely in the cloud rather than using some sort of client-side solution.

"Unfortunately, it is not realistic to assume that the server side has all existing malware samples (especially with limited information such as app checksums and package names)," he wrote. "From another perspective, the client side, in the current implementation, does not have any detection capability, which suggests possible opportunity for enhancement. However, due to the limited processing and communication power on mobile devices, we need to strike a delicate balance on how much detection capability can and should be offloaded."

Jiang said VirusTotal, the free app-scanning website recently acquired by Google, also outperformed the app verification service. He said the service is likely to improve if it integrates VirusTotal.

Jiang's findings are sure to be hailed by makers of standalone apps that detect Android malware, like Lookout. On Friday, the company said an update it had pushed out mistakenly flagged legitimate apps, including one offered by movie service Fandango, as malicious. The mistake was detected and fixed about an hour later.

Source: Ars Technica
