Android 4.2 introduced some new anti-malware protections, letting you scan locally-installed apps to see if they throw up any red flags that might indicate they’re malicious. While that sounds like a smart step towards keeping our phones secure, it’s really only any use if it actually works. Researchers at North Carolina State University have put Google’s scanner through its paces, and the results they got are less than promising.
The team threw 1260 malware samples at Android 4.2, and Google was only able to detect 193 of them, just over fifteen percent. That’s a bit embarrassing, but maybe Android malware is really hard to detect, right? Well, running a selection of those apps through a number of anti-virus engines managed to detect between 51% and 100% as malware, with most systems capable of getting well into the 90% range. Jelly Bean’s AVS did a little better this time around, but still only managed to hit 20%.
So, what are the lessons here? Google could stand to work on improving its own catalog of known malware, since it appears to be detecting problem apps based on their names and hash values; change those, and the scanner misses it. Perhaps the most valuable advice would be for all of us to think twice about just where our side-loaded apps are coming from.