Android antivirus

Recent In-depth analysis against Android Antivirus in Google play store reveals that, 138 Android antivirus products are completely fake and potentially harmful to Android users.

AV-Comparatives research team performed the effectiveness of antimalware programs for Android to ensure the quality of malware detection against various sophisticated malware.

For the analysis, they took 250 Android antivirus apps published by different developers from the Google Play Store.

Test result reveals that only 80 Android Antivirus apps are detecting atleast 30% of malicious files and apps without any false alarm.

138 apps were detected less than 30% malware samples that is used for this test process with high rate of false positive on the legitimate and well known apps.

Remaining 32 antimalware apps are already removed from the google playstore by the respective developers, but all the tested samples in this list are highly risky and potentially harmful.


user interfaces of malicious apps

100% Malware Detection

The AV-test is based on the detection score, the scoring range starts from 100% and the least limit is 30%. An android app should detect atleast 30% of the malware samples.

In this case, Only 23 among 80 Android antivirus had 100% detection rate and rest of the apps are detecting the following percentage of detection,

Vendor%
AhnLab100%
Antiy
Avast
AVG
AVIRA
Bitdefender
BullGuard
Chili Security
Emsisoft
ESET
ESTSoft
F-Secure
G Data
Kaspersky Lab
McAfee
PSafe
Sophos
STOPzilla
Symantec
Tencent
Total Defense
Trend Micro
Trustwave
eScan99.8%
Ikarus
Quick Heal
REVE
Securion
VIPRE
Lookout99.6%
Supermobilesafe
BSafe99.5%
MyMobile
Malwarebytes99.4%
CheckPoint99.1%
K7
Qihoo99.0%
Hi Security98.6%
NSHC98.4%
AegisLab98.3%
Samsung97.7%
Webroot97.4%
Zemana97.3%
Hawk App97.1%
TrustGo96.0%
DU Apps94.7%
Alibaba92.9%
Tapi92.4%
IntelliAV91.8%
Panda91.6%
Dr. Web90.8%
Privacy Lab89.9%
Zoner88.9%
APUS87.8%
CAP Lab
Clean Boost+
Fotoable
Hyper Speed
IOBit
ONE App
Phone Clean
Power Tools
Smooth Apps
Super Cleaner
Super Security
We Make It Appen
Max Dev82.2%
Comodo77.6%
TG Soft76,7%
Antivirus Apps74.8%
Apex
Trustlook73,8%
Media Master73.1%
Brainiacs72.5%
Google68.8%
Malwarefox63.8%
MyData
Watchdog
GizmoSmart54.1%
NQ45.0%

According to AV comparatives, “The table above shows the protection rates reached by the 80 products that blocked over 30% of samples. We consider AV apps that block less than 30% of common Android threats to be ineffective/unsafe.”

Rest of the Apps are Fake

Apart from these 80 Android antivirus apps, remaining 138 vendors  detected less than 30% of samples and those all are considered as a very risky apps for Android users.

Many of the apps in this fake app list are already detected by reputed mobile antimalware apps as Trojans, dubious/fake AVs, potentially unwanted apps (PUA).

List of fake Anti malware apps listed in the Google Play Store.

1Machine System Sdn Bhd, actionappsgamesstudio, Amantechnoapps, AMIGOS KEY, Amnpardaz Soft, AndroHelm Security, ANTI VIRUS Security, Antivirus Mobile Lab, antivirus security, appflozen, appsshow, Appzila, Arcane Security Solutions, AS team security phone Lab, asuizksidev, Ayogames, AZ Super Tools, azemoji studio, Baboon Antivirus, bESapp, Best Battery Apps, Best HD Wallpapers APPS, Best Tools Pro, BestOne, Bit Inception, BKAV, Bom Bom, Booster studio Laboratory Inc., brouno, Bulletproof AV, Caltonfuny Antivirus Phone, Cheetah Mobile, CHOMAR, Chromia, Cloud 7 Services, Core Antivirus Lab, CPCORP TEAM: Photo blur & photo blender, CreativeStudioApps, CY Security, Defenx, DefineSoft, DreamBig Studios, DU Master, electro dev, Erus IT Private Limited, Falcon Security Lab, Fast n Clean, fluer-apps.com, Formation App, Free Apps Drive, FrouZa, Galaxy TEAM, GameXpZeroo, GlobalsApps, gndnSoftware, GOMO Apps, GoNext App Developers, Gridinsoft, LLC, handy tools apps, Hello Security, Immune Smart, INCA Internet, infiniteWays007, Islamic Basic Education, Itus Mobile Security, JESKO, jixic, Kolony Cleaner, Koodous Mobile, lempea, LINE, LIONMOBI, Live multi Player Game, Main Source 365 Tech, Mama Studio, MAN Studio, Marsolis Tech, Max Antivirus Lab, Max Mobi Secure, MaxVV, Mob Utilities, Mobile Tools Plus, Mobtari, Mond Corey, M-Secure, MSolutions, MSYSOFT APPS, My Android Antivirus, NCN-NetConsulting, Nepelion Camp, Nisi Jsc, Niulaty, NP Mobile Security, NPC Studios, Omha, Oxic Studio, Pix2Pic Studio, playyourapp, Pro Tool Apps, prote apps, Protector & Security for Mobile, Puce, Radial Apps 2018, RedBeard, Secure Cloud, SecureBrain2, Security and Antivirus for Android solutions, Security Apps Team, Security Defend, SECURITY LAB, Security Systems Lab, SecurityApplock, Sept Max, ShieldApps, SjaellSoft, SkyMobileTeam, Smart Battery Solution & Creative Screen Lock, smarteazyapps, Software Center, Soft War, stmdefender, Systweak Software, TAIGA SYSTEM, Tokyo Tokyo, Tools dev, tools for android, Utilitarian Tools, Vainfotech, VHSTUDIO, Vikrant Waghmode, Virinchi Software, Virtues Media & Application, VSAR, Wingle Apps, Xtechnoz Apps, XZ Game, Z Team Pro.

“Most of the Malicious apps, as well as the risky apps already mentioned, appear to have been developed either by amateur programmers or by software manufacturers that are not focused on the security business.”

How These Apps were Tested

Researchers from AV comparatives used almost 2000 most common Android malware threats that discovered in 2018 and the test was performed by automated Android testing framework.

” The test was performed in January 2019, mostly on Samsung Galaxy S9 devices running Android 8.0 (“Oreo”). As some security apps did not work properly on Android 8.0, those apps were tested on Nexus 5 devices running Android 6.01 instead (see page 17 for details). Each security app was installed on a separate physical test device.”

Researchers used the same process to test all the apps.

  1. Open the Chrome browser and download the malicious sample
  2. Open the downloaded .apk file using a file explorer app
  3. Install the malicious app
  4. Execute the installed app
Number of tested apps250
Number of tested malicious APKs2000
Number of tested clean APKs100

All the malicious apps has been reported to Google and expected to be removed from Google soon. AV comparatives said.

Training Course: Certified Cyber Threat Intelligence Analysts course that will introduce you to the 8 phases of advanced malware analysis.

Also Read:

VENOM – An Exploitation Tool to Bypass Anti Virus Detection with Encrypted Payloads

Leave a Reply