Mobile app security testing of Android anti-malware apps in the Google Play Store has shown that most are useless, giving the user no protection or benefit.
Mobile app security testing researchers at independent lab AV-Comparatives looked at 110 anti-malware apps from well-known names in the space including Kaspersky, Avast, F-Secure, Symantec, and ESET.
The apps failed to achieve the benchmark malware detection rate of 90 to 100 percent that is expected of effective anti-malware apps.
The AV-Comparatives researchers ran 100,000 tests against 1000 of the most well-known Android malware threats from 2016. Only 24 of the 100 apps that went through mobile app security testing detected all the malware.
21 of the apps managed to detect 90.2% to 99.9% of the malware samples, and 21 of the apps detected 30% or less of the malicious Android packages. 9 “were so buggy that they could not be installed/tested”.
Some of the apps were so poor that it’s possible to view them as malware, with five collecting sensitive data from user devices and claiming to use anti-virus software without doing so.
Well-known companies appear to release substandard apps on the Play Store to boost vendor visibility and to help sell other, profitable products.
AV-Comparatives' mobile app security testing used physical Android devices for real-world testing and monitored the status of each device using a client app that sends its findings to the server at the end of the test case. The client monitored file and process changes, newly installed apps and permissions, and the reactions of the security software.
AV-Comparatives' report is available here and makes for interesting reading.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.