Most Android Anti-Malware Apps Don’t Offer Any Protection

Most Android Anti-Malware Apps Don’t Offer Any Protection

You can’t spend long on the internet without hearing about some piece of malware that’s going to take over every Android phone in the world. The hysteria over Android malware is a bit overblown, but it’s led to the proliferation of anti-malware apps that promise to keep your phone squeaky clean. A new analysis from Austrian antivirus testers AV-Comparatives claims that most AV apps on Android are ineffective, and some are downright frauds.

AV-Comparatives tested 250 of the top Android antivirus apps and services by installing them on a Samsung phone. They automated the device, directing it to download and install known malware apps from the browser. The test was extensive, covering the 2,000 most common Android malware variants from the past year. Presumably, anti-malware suites should be familiar with those nasty pieces of code. Sadly, many of them were not.

Only 23 apps had a 100 percent success rate with all malware samples. A few more were over 99 percent effective. Most of the big names in malware research and protection were near the top including AVG, ESET, Kaspersky, McAfee, and Sophos. Google’s built-in Play Protect feature was a bit lower at 68.8 percent, but it’s designed to be more conservative.

AV-Comparatives reports that just 80 of the 250 apps detected more than 30 percent of the 2,000 malware samples with no false positives (100 non-malicious control apps were installed as well). Those would be the most obvious and severe threats. So, any app that can’t even spot those is not worth using.

Most Android Anti-Malware Apps Don’t Offer Any Protection

Many of the poorly performing apps in the test were not actually performing malware scans, according to AV-Comparatives. Instead, they used simple white/blacklists to tag apps. This is open to exploitation by malware creators and led to numerous false positives. You can slip malware past these apps by using a package name like “com.google.android.scarymalware” because the beginning is the same as Google’s apps. Some of these AV suites didn’t even bother to add their own package names to the whitelist. These apps market themselves as malware. Oops.

Running a shady app that promises to keep you safe while doing nothing can also give you a false sense of security. With so many utterly hopeless Android anti-malware apps, AV-Comparatives recommends you stick to the well-known brands. As long as you’re not venturing into dark corners of the internet to download apps, the pre-loaded Google Play Protect should be good enough.