Two-thirds of all Android antivirus apps are frauds

Catalin Cimpanu reported on ZDNet that two-thirds of all Android antivirus apps are frauds.

That means that 170 of the 250 Android antivirus apps had failed the organization’s most basic detection tests, and were, for all intents and purposes, a sham.

“Most of the above apps, as well as the risky apps already mentioned, appear to have been developed either by amateur programmers or by software manufacturers that are not focused on the security business,” the AV-Comparatives staff said.

“Examples of the latter category are developers who make all kinds of apps, are in the advertisement/monetization business, or just want to have an Android protection app in their portfolio for publicity reasons,” researchers said.

Having worked on Android apps before, I find this a very frustrating situation for developers. On many occasions, we received negative reviews for the Android apps because our apps were flagged as malware by an antivirus app.

Nevertheless, there’s a way to get past many of these antivirus apps.

However, results didn’t reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didn’t actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach, and merely looked at the package names (instead of their code).

Essentially, some antivirus apps would mark any app installed on a user’s phone as malicious, by default, if the app’s package name wasn’t included in its whitelist. This is why some antivirus apps detected themselves as malicious when the apps’ authors forgot to add their own package names to the whitelist.

In other cases, some antivirus apps used wildcards in their whitelist, with entries such as “com.adobe.*”.

In these cases, all a malware strain had to do was to use a package name of “com.adobe.[random_text]” to bypass the scans of tens of Android antivirus products.
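To make the weakness concrete, here is an added example (not code from AV-Comparatives, ZDNet or any antivirus product) that compares a name-only wildcard allowlist with one that also pins the signing certificate digest. The certificate bytes, package names and function names are constructed for illustration, and unlisted apps are sent to scanning instead of being flagged by default.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed stand-ins for signing certificates (not real certificate data).
# On a device, the certificate bytes would come from the package's signing info.
VENDOR_CERT = b"constructed-vendor-signing-certificate"
OTHER_CERT = b"constructed-unrelated-signing-certificate"


def cert_digest(cert_der: bytes) -> str:
    """SHA-256 of the signer certificate, hex-encoded."""
    return hashlib.sha256(cert_der).hexdigest()


# Weak design from the article: trust is decided by package-name pattern alone.
NAME_ALLOWLIST = ["com.adobe.*"]

# Hardened design (assumption of this example): a pattern is trusted only
# together with the digest of the certificate that signed the package.
PINNED_ALLOWLIST = {"com.adobe.*": {cert_digest(VENDOR_CERT)}}


def allowed_by_name(package: str) -> bool:
    """Name-only check: anyone can choose a package name that matches."""
    return any(fnmatchcase(package, pat) for pat in NAME_ALLOWLIST)


def allowed_by_name_and_signer(package: str, signer_cert: bytes) -> bool:
    """Name must match AND the signer digest must be pinned for that pattern."""
    digest = cert_digest(signer_cert)
    return any(
        fnmatchcase(package, pat) and digest in signers
        for pat, signers in PINNED_ALLOWLIST.items()
    )


def verdict(package: str, signer_cert: bytes) -> str:
    """Allowlisted apps skip scanning; everything else is scanned, not
    declared malicious by default (the self-detection failure above)."""
    return "trusted" if allowed_by_name_and_signer(package, signer_cert) else "scan"


if __name__ == "__main__":
    # Constructed install events: (package name, signer certificate).
    for pkg, cert in [("com.adobe.reader", VENDOR_CERT),
                      ("com.adobe.x7f3kq", OTHER_CERT),
                      ("org.example.notes", OTHER_CERT)]:
        print(f"{pkg:20} name-only={allowed_by_name(pkg)!s:5} pinned={verdict(pkg, cert)}")
```

The second sample package passes the name-only check but falls through to scanning once the signer is checked, because a package name is self-declared while the signing key is not.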

Do you have an antivirus app on your Android phone?
