SlideShare una empresa de Scribd logo

Anti-Malware Test Report for Android Apps

Комсс Файквэе
Комсс Файквэе

The document is a test report that evaluated 41 Android anti-malware solutions and grouped them into categories based on their average detection rates of malware families. The top category detected over 90% of malware and included solutions from Avast, Dr.Web, F-Secure, Ikarus, Kaspersky, Lookout, McAfee, MYAndroid Protection, NQ Mobile, and Zoner. The next category detected between 65-90% and included solutions from 13 companies. The third category detected between 40-65% and included BluePoint, G Data, and Kinetoo. The fourth category detected less than 40% and did not include major security companies.

Tecnología
1 de 21
Descargar para leer sin conexión
Test Report: Anti-Malware solutions for Android Published: March, 15 t h 2012 Version: 1.1a
Anti-Malware solutions for Android Copyright © 2012 AV-TEST GmbH. All rights reserved. Postal address: Klewitzstr. 7, 39112 Magdeburg, Germany Phone +49 (0) 391 60754-60, Fax +49 (0) 391 60754-69 For further details, please visit: http://www.av-test.org 1
Anti-Malware solutions for Android Update March, 15th 2012 (Version 1.1a) Added a remark regarding the detection rate of Bitdefender, ESET, Trend Micro and Vipre on page 8. Update March, 13th 2012 (Version 1.1) It has been brought to our attention that certain parts in our initial report and the testing methodology are considered imprecise and/or flawed by third parties. Therefore AV-TEST performed additional tests to sort out any of those issues and provides the updated results in this report. The retest was performed between March 9th to 13th, with the most current program versions and signature updates (including full Internet access to enable in-the-cloud queries) of all products that were not in the light green or dark green category. We would especially like to thank MYMobileSecurity (MYAndroidProtection), NQmobile (Netqin) and Total Defense for their feedback on this topic. Update March, 7th 2012 (Version 1.0a) The product name of Avast has been corrected to “avast! Free Mobile Security” instead of “avast! Mobile Security”. 2
Anti-Malware solutions for Android Content 1. Introduction......................................................................................................................................... 4 2. Test report ........................................................................................................................................... 6 3. Test results .......................................................................................................................................... 8 4. Testing issues..................................................................................................................................... 11 5. Conclusion ......................................................................................................................................... 12 6. Product details................................................................................................................................... 13 3
Anti-Malware solutions for Android 1. Introduction The Smartphone market grew enormously over the last five years and the mobile malware evolved rapidly, too. Right now there are over 450.000 apps in the Android market, where as there were less than 100.000 in July 2010 1. This makes it the fastest growing software market overall. With the rise of new apps, the number of malware increases as well. Figure 1 shows the growth of the AV-TEST Android malware collection. The increasing curve is similar to what we've seen for PC malware in the last years. The threats for Android include Phishing- and Banking-Trojans, Spyware, Bots, Root Exploits, SMS Fraud, Premium Dialers and Fake Installers. There have also been reports about Download-Trojans – apps that download their malicious code after installation – which means that these apps can't be easily detected by Google's Bouncer technology 2 during publication in the Google Android Market. Our collection used for this test contains more than 20 different Android malware families, which cover each of the previously named threats. Android Malware Collection Growth 14000 12000 10000 8000 6000 4000 2000 0 New Android Malware per Month Total Number of Android Malware Figure 1: Android malware collection growth since January 2011 In November 2011 we’ve revealed that many Antivirus apps, which are available for free in Google's Android Market, don't provide a sufficient malware protection for your Android mobile. This time we are trying to cover the good and the bad and started reviewing as many Android Anti-Malware apps as we could find, regardless whether an app requires a specific Android version or device. These apps include free and non-free programs, intended for personal use. This report aims to give an impression of the malware detection rates. As an independent test institute, we aren't in the position to recommend a specific product, but you can certainly use our report to find your personal favorite. However please bear in mind, that malware may not the only or the most important threat to your 1 <http://en.wikipedia.org/wiki/Android_operating_system> 2 Google's Bouncer technology checks apps for malware during publication in Google's Android Market <http://googlemobile.blogspot.com/2012/02/android-and-security.html> 4
Anti-Malware solutions for Android device. Even if a product scores poorly in malware detection it may have other convenient features, such as remote lock and wipe, backup and phone locating, that make it useful for your purposes. It is also possible to run two or more security apps on your device at the same time, using only the best features of the single apps. 5
Anti-Malware solutions for Android 2. Test report The large number of tested apps required a scalable test environment, so we decided to use the Android emulator supplied by the Android SDK as basis for the review. The emulator has some advantages in contrast to a real device. There is root-access without exploiting the device and you can easily switch between API versions and screen sizes. It has also some disadvantages. You don't have a real phone number, which might be required to activate an app through SMS, and the emulated 3G connection may have a too high latency for querying the cloud of some vendors. While the advantages of the emulator make testing more comfortable, the disadvantages limit the number of apps, which could be properly tested. To get around this limitation, the apps, which didn't work in the emulator, were tested on a real device and all emulator results were cross checked and verified on a real device. The emulator was set up with API level 10 (Gingerbread, Version 2.3) and for non- emulated testing we used a Samsung GalaxyTab (GT-P1010) with Froyo (Version 2.2) and a Samsung Galaxy Nexus (GT-I9250) with Ice Cream Sandwich (Version 4). The products were updated to their latest available versions/signature updates and were allowed to connect to their cloud during the test. The real devices were flashed to factory default settings after every test to provide each product the same clean environment. Among the tested apps we saw two different approaches for the on-demand scan. While many apps simply scan the complete device storage, some other apps scan installed apps and important files only. The latter were not able to scan the malware set with 618 malicious APK-files as it was stored on the SD card. Therefore, we tested the real-time protection feature of those apps instead. That means that all malware apps in our sample set were installed on a device or emulator one by one. After an app has been installed, the tester waited for feedback of the real-time protection, which should pop up if it finds a malicious app. In case of an undetected sample, it was uninstalled manually. This is a time consuming approach and may not work in the future with larger sample sets (see Fig. 1). Regarding the detection rates, it makes no difference whether a malicious app is detected by an on- demand scan or by the real-time scan, when the app is installed. From the testers' point of view, an on-demand scan with many samples is much easier to realize than an on-access scan. However from the user’s point of view the only criterion is protection, no matter at which point and how this takes place. After an on-demand scan has been completed and all detections were removed the testers saved the remaining files, because the reporting abilities weren't consistent among all apps. The files that were left over and have not been modified were flagged as "not detected". In case of the on-access testing, the testers wrote their own report since the samples were tested one by one. With the knowledge of which specific files have been detected by a scanner, we were able to analyze the scan results based on malware families. The family based analysis can help vendors to improve the protection for malware families with low detection rates. If the results would only provide a total, absolute detection rate, it would be impossible to notice if an app that scored well missed an entire malware family or not. So this way of displaying the results gives both the reader and the vendor much more insight. Furthermore this helps to decide whether a product that doesn’t score 100% is still a good choice, e.g. because it misses on a malware family that is no threat to a specific user group or environment. 6
Anti-Malware solutions for Android In this report no exact detection rates are given, instead the products are grouped into five different categories, referring to different ranges of detections (Fig. 2 and Fig. 3). The first category contains products that detected over 90%, the second category 90% to 65%, the third 65% to 40%, the fourth everything less than 40% but above 0% and finally the last group contains the products that didn’t detect anything. VERYGOOD GOOD SATISFYING SUFFICIENT NULL > 90% > 65% > 40% > 0% 0% Figure 2: Detection rate legend There are several reasons for doing that: 1. The number of malware samples is still fairly small 2. Determining the prevalence of malware apps is difficult 3. Malware apps are quickly removed from the market (and even remotely from the device) This all comes down to one issue: It can happen very easily that a sample set is distorted by samples that are not really relevant anymore or were never at all. It is impossible for us to measure the prevalence of malware apps. It is also not possible to determine when and how long they have been a threat to the user. Therefore we identified the most widely known malware families and primarily used those for the test. Only malicious apps that we have discovered between August and December 2011 have been included in the test set. A few further malicious apps which don’t belong to the listed families have been put in a category called “Other” and represent other families. Even with those precautions it is possible that malware samples that are not suitable for this test are included. Already 30 wrongly chosen samples could change the result by 5%. In order to avoid too heavy effects from these issues, the results are categorized. However, by looking at the individual family detections it is still possible to get a fairly accurate picture of the absolute detection rate. The products were distributed over all detection ranges as shown in Figure 3. Detection rate distribution 2 10 13 3 13 > 90% > 65% > 40% > 0% 0% Figure 3: Detection rate distribution 7
Anti-Malware solutions for Android 3. Test results During February and March 2012 we Product Average Family Detection reviewed 41 different Android Anti- A avast! Free Mobile Security VERYGOOD A Dr.Web anti-virus Light Malware solutions. The test results are VERYGOOD A F-Secure Mobile Security shown in Figure 4³. VERYGOOD A IKARUS mobile.security LITE A Kaspersky Mobile Security >90% The best products in our tests (with A Lookout Security & Antivirus detection rates of 90% and above) come B McAfee Mobile Security from the following top 10 companies, B MYAndroid Protection B NQ Mobile Security listed in alphabetic order: Avast, Dr. Web, A Zoner AntiVirus Free F-Secure, Ikarus, Kaspersky, Lookout, A AegisLab Antivirus Free McAfee, MYAndroid Protection, NQ A AVG Mobilation Anti-Virus Free Mobile and Zoner. Users of products A Bitdefender Mobile Security made by these companies can be assured B BullGuard Mobile Security B Comodo Mobile Security that they are protected against malware. A ESET Mobile Security >65% A Norton Mobile Security Lite Products with a detection rate of between A Quick Heal Mobile Security 65% and 90% can also be considered to be A Super Security very good and have the potential to join B Total Defense Mobile Security the group of best products above if small A Trend Micro Mobile Security GOOD changes are made to the set of malware A Vipre Mobile Security (BETA) GOOD A Webroot SecureAnywhere tested. Some of these products only fail to GOOD B BluePoint Security Free detect just one or two malware families >40% SATISFYING B G Data Mobilesecurity that may not even be prevalent in certain SATISFYING B Kinetoo Malware Scan SATISFYING environments. The following 13 products, B ALYac Android SUFFICIENT listed in alphabetic order, fall into this B Android Antivirus SUFFICIENT B Android Defender Virus Shield category: AegisLab, AVG Mobilation, SUFFICIENT B Antivirus Free Bitdefender, BullGuard, Comodo, ESET, SUFFICIENT B BlackBelt AntiVirus Norton, QuickHeal, Super Security, Total SUFFICIENT B CMC Mobile Security SUFFICIENT Defense, Trend Micro, Vipre and B Fastscan Anti-Virus Free >0% SUFFICIENT B GuardX Antivirus Webroot. SUFFICIENT B MobiShield Mobile Security SUFFICIENT B MT Antivirus It should be noted that Bitdefender, ESET, SUFFICIENT B Privateer LITE Trend Micro and Vipre missed the top SUFFICIENT B Snap Secure category by just a few samples. The SUFFICIENT B TrustGo Mobile Security average family detection rate for these SUFFICIENT B LabMSF Antivirus beta 0 NULL four products was in the area of 88.1% to B MobileBot Antivirus NULL 3 89.9%. Figure 4: Average detection rate per malware family (products in alphabetic order per category) BluePoint, G Data and Kinetoo fall into the third category, namely that of products with a detection rate of between 40% and 65%. It is possible that the manufacturers of these products do not yet have a sufficient infrastructure that enables them to collect a wide range of malware or that they focus on a local market. These products provide reliable malware protection against a few families, 3 Products marked with “A” were tested during February 2012. Products marked with “B” were retested during March 2012. See the report update page at the beginning of the document. 8
Anti-Malware solutions for Android but have trouble dealing with and detecting others. It can be expected that these products will improve when their manufacturers focus on a wider variety of malware samples. The fourth category, which is used for products with a detection rate of less than 40%, does not contain any products from well-known anti-virus protection manufacturers. Some of the products in this category also performed below average in our last test. We have now reviewed two other products that are listed in this final category and we could not clearly determine whether or not they correctly scanned the set of malware test or whether they were actually able to detect anything at all. We were therefore unable to record a detection rate when using our set of well-known samples or the EICAR test file 4. Even in the on-access tests these products had no detections. So it is safe to assume that these products really don’t detect anything, but we still wanted to point out the possibility of a flaw in our testing methodology. The malware family based analysis in Figure 5 shows that some products miss the top group only due to their low detection of one or two malware families. You can expect better signatures for these families to be added in the near future. The detection of specific families can also depend on each vendor’s definition of malware. Some families might only be annoying advertisement apps, while others include real malicious code, which can lead to monetary damage or data loss. Therefore some vendors may decide to not detect certain potentially unwanted, but not clearly malicious, apps. 4 The EICAR test file can be used to determine whether an anti-malware software is operational or not and can be obtained here <http://www.eicar.org/86-0-Intended-use.html> 9
Anti-Malware solutions for Android Average Family Detection Exploit.Lotoor Glodream BaseBrid DorDrae FakeInst Geinimi Nickspy KungFu Opfake Rooter Gonca Xsider SerBG Other Boxer Jifake Kmin Adrd Yzhc avast! Free Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Dr.Web anti-virus Light VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD GOOD F-Secure Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD IKARUS mobile.security LITE VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Kaspersky Mobile Security (Lite) VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Lookout Security & Antivirus VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD SATISFYING McAfee Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD MYAndroid Protection Antivirus VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD NQ Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Zoner AntiVirus Free VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD AegisLab Antivirus Free GOOD VERYGOOD SATISFYING NULL SATISFYING GOOD SUFFICIENT VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD SATISFYING GOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD SATISFYING AVG Mobilation Anti-Virus Free GOOD VERYGOOD GOOD VERYGOOD SUFFICIENT GOOD VERYGOOD VERYGOOD GOOD VERYGOOD SUFFICIENT VERYGOOD SUFFICIENT GOOD NULL VERYGOOD VERYGOOD SATISFYING SUFFICIENT GOOD Bitdefender Mobile Security GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD SUFFICIENT VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD GOOD VERYGOOD GOOD BullGuard Mobile Security GOOD GOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD NULL VERYGOOD NULL GOOD GOOD Comodo Mobile Security GOOD GOOD GOOD VERYGOOD GOOD GOOD GOOD GOOD GOOD VERYGOOD SATISFYING VERYGOOD SATISFYING GOOD GOOD GOOD SATISFYING GOOD VERYGOOD SATISFYING ESET Mobile Security GOOD VERYGOOD GOOD VERYGOOD VERYGOOD SUFFICIENT VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD VERYGOOD Norton Mobile Security Lite GOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD SUFFICIENT SATISFYING VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD GOOD VERYGOOD VERYGOOD GOOD NULL VERYGOOD SATISFYING GOOD Quick Heal Mobile Security GOOD GOOD GOOD VERYGOOD GOOD VERYGOOD GOOD SUFFICIENT GOOD VERYGOOD GOOD VERYGOOD SUFFICIENT GOOD GOOD VERYGOOD SUFFICIENT GOOD SATISFYING GOOD Super Security GOOD GOOD GOOD VERYGOOD SUFFICIENT SUFFICIENT VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD NULL VERYGOOD SATISFYING VERYGOOD GOOD Total Defense Mobile Security GOOD GOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD NULL VERYGOOD NULL GOOD GOOD Trend Micro Mobile Security GOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD SATISFYING VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD SUFFICIENT GOOD VERYGOOD GOOD Vipre Mobile Security (BETA) GOOD GOOD GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD Webroot SecureAnywhere Mobile GOOD GOOD GOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD SUFFICIENT GOOD VERYGOOD GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD SUFFICIENT VERYGOOD VERYGOOD GOOD BluePoint Security Free SATISFYING SATISFYING SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD GOOD SUFFICIENT SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT NULL SUFFICIENT VERYGOOD SATISFYING SUFFICIENT SUFFICIENT SATISFYING G Data Mobilesecurity SATISFYING SATISFYING SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD GOOD GOOD SUFFICIENT NULL VERYGOOD SUFFICIENT GOOD SUFFICIENT NULL SATISFYING SATISFYING SUFFICIENT SATISFYING Kinetoo Malware Scan SATISFYING SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT VERYGOOD SUFFICIENT GOOD SUFFICIENT NULL SATISFYING SUFFICIENT SATISFYING GOOD ALYac Android SUFFICIENT SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD NULL SATISFYING NULL NULL NULL SUFFICIENT GOOD SATISFYING SUFFICIENT NULL SUFFICIENT SUFFICIENT SUFFICIENT Android Antivirus SUFFICIENT NULL NULL NULL SUFFICIENT SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL Android Defender Virus Shield SUFFICIENT NULL NULL NULL SUFFICIENT SUFFICIENT NULL NULL NULL NULL NULL NULL SUFFICIENT NULL NULL NULL NULL NULL NULL SUFFICIENT Antivirus Free SUFFICIENT NULL NULL NULL NULL SUFFICIENT SUFFICIENT SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL SUFFICIENT BlackBelt AntiVirus SUFFICIENT SUFFICIENT NULL SUFFICIENT NULL NULL SUFFICIENT SUFFICIENT NULL SUFFICIENT NULL SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT NULL SUFFICIENT SUFFICIENT SUFFICIENT CMC Mobile Security SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL SUFFICIENT NULL NULL NULL SUFFICIENT Fastscan Anti-Virus Free SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT GOOD SUFFICIENT SUFFICIENT SATISFYING SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT SATISFYING SATISFYING SUFFICIENT NULL SATISFYING SUFFICIENT SUFFICIENT GuardX Antivirus SUFFICIENT SUFFICIENT SUFFICIENT NULL NULL SUFFICIENT NULL SUFFICIENT NULL NULL NULL NULL NULL NULL NULL VERYGOOD SUFFICIENT NULL NULL NULL MobiShield Mobile Security SUFFICIENT GOOD GOOD VERYGOOD NULL SUFFICIENT GOOD GOOD NULL NULL NULL NULL SUFFICIENT NULL NULL NULL VERYGOOD SUFFICIENT SUFFICIENT SUFFICIENT MT Antivirus SUFFICIENT NULL SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL SUFFICIENT NULL NULL SUFFICIENT Privateer LITE SUFFICIENT SUFFICIENT SATISFYING NULL NULL VERYGOOD SUFFICIENT SUFFICIENT SATISFYING NULL SUFFICIENT VERYGOOD GOOD NULL NULL SUFFICIENT SUFFICIENT GOOD NULL SUFFICIENT Snap Secure SUFFICIENT SUFFICIENT SATISFYING SATISFYING SATISFYING SUFFICIENT SUFFICIENT SUFFICIENT SATISFYING GOOD NULL SUFFICIENT SUFFICIENT SUFFICIENT SATISFYING SUFFICIENT SUFFICIENT NULL SATISFYING SUFFICIENT TrustGo Mobile Security SUFFICIENT SUFFICIENT SATISFYING SUFFICIENT GOOD SATISFYING SUFFICIENT SUFFICIENT GOOD SUFFICIENT NULL GOOD GOOD NULL SUFFICIENT SUFFICIENT NULL SUFFICIENT SUFFICIENT SATISFYING LabMSF Antivirus beta NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL MobileBot Antivirus NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL Figure 5: Detection by malware family (products in alphabetic order per category) 10
Anti-Malware solutions for Android 4. Testing issues Despite the fact that some apps weren’t able to scan our sample set on the SD card and therefore have to be tested in a time consuming on-access test, we were also faced with apps which couldn’t delete all detections automatically. They didn’t even provide a "Do it! And never ask me again!" option in the case of more than one malware detection. This fact led to testers clicking a "remove"- button several hundred times. While such options are very common in desktop applications, they aren't in the Android world yet. Also scan reports couldn't be saved within most of the tested apps. Some apps use SQLite databases to save their scan results and we were able to collect the corresponding db-files from the emulators only. As accessing those files requires root privileges, they weren't collected from the real devices. The average user shouldn't miss such features, as its device should never be infected with hundreds of malicious apps, but those simple functions would make a testers life much easier. As pointed out before, there are also apps which use their cloud to detect malware. While this worked flawlessly with most products, both in emulated environments as well as on a real device there were a few exceptions. We have seen products that were not able to query their cloud in the emulator at all, even if full internet access was provided. There were also products that did have some trouble on a real device. This might be due to latency issues and could only be resolved by repeated tests until no further problems occurred. 11
Anti-Malware solutions for Android 5. Conclusion Even if Google now checks all apps on its Android Market, you should consider installing a security app, because nowadays the malware authors are able to load their malicious code after a seemingly clean app has been installed. Regarding the detection rates, you can trustfully choose from at least 17 products to protect your Android device. What you should also have in mind when choosing your mobile security app are additional functions such as backup and anti-theft protection (e.g. find your lost device or wipe all data remotely). To keep your device free of malware even without a security app, you should install apps only from trusted sources, like the Google Android Market or the Amazon Appstore for Android. Read the comments carefully and check whether the required permissions are reasonable (e.g. a game usually shouldn't need the permission to read or write SMS unless its description lists the specific features using these permissions). As it may take between two to four weeks until Google removes malicious apps from its Android Market, you should also be careful with new apps on the market. Wait until apps are well-established, e.g. they were downloaded several thousand times and have many good ratings, or visit the developer’s website, which should at least provide contact information. In most cases when there is a free (often called Lite) and a paid version, the malware detection capabilities are the same. So if you are just looking at the detection rates, you can take the Lite result and apply this to the paid version and vice versa. Another finding of the test is, that the well known Desktop IT vendors perform above the average. Even the worst products from those vendors are still better than most of the specialized mobile security software vendors. 12
Anti-Malware solutions for Android 6. Product details Product Vendor Android Package 5 Version AegisLab Antivirus Free AegisLab com.aegislab.sd3prj.antivirus.free 1.0.4 ALYac Android ESTsoft com.estsoft.alyac 1.2.5.0 Android Antivirus Android Antivirus and.anti 1.6 Android Defender AndroidAppTools com.virusshield.android 1.1 Antivirus Free Creative Apps com.zrgiu.antivirus 1.3.1 avast! Free Mobile Security AVAST com.avast.android.mobilesecurity 1.0.1282 AVG Mobilation Anti-Virus Free AVG Mobilation com.antivirus 2.10 Bitdefender Mobile Security BitDefender com.bitdefender.security 1.1.483 BlackBelt AntiVirus BlackBelt SmartPhone Defence com.blackbelt.antivirus 2.2.0002 BluePoint Security Free BluePoint Security bluepointfree.ad 4.0.17 BullGuard Mobile Security BullGuard com.smobile.securityshield.android.bullgard 10.0.22.14023 CMC Mobile Security CMC InfoSec com.cmcinfosec.mobilesec 2.1 Comodo Mobile Security Comodo Security Solutions com.comodo.pimsecure 1.1.16984.2 Dr.Web anti-virus Light Doctor Web com.drweb 6.01.5 ESET Mobile Security ESET com.eset.emsw 1.0.288.223 Fastscan Anti-Virus Free K-TEC jp.ktinc.fastscan 1.1.5 F-Secure Mobile Security F-Secure com.fsecure.browser 7.6.08787 G Data MobileSecurity G Data de.gdata.mobilesecurity 23.4.19038 GuardX Antivirus QStar org.qstar.guardx 2.3 IKARUS mobile.security LITE IKARUS Security Software com.ikarus.mobile.security 0.9.8.9008 Kaspersky Mobile Security (Lite) Kaspersky Lab com.kms 9.10.106 Kinetoo Malware Scan CPU Media SARL com.cpumedia.android.kinetoo 1.7.1 LabMSF Antivirus beta LabMSF com.ReSync.RNGN 1.0 Lookout Security & Antivirus Lookout Mobile Security com.lookout 7.1 McAfee Mobile Security McAfee com.wsandroid.suite 2.0.1.366 MobileBot Antivirus Desktop Shark avm.defender 1.05 MobiShield Mobile Security trustmobi com.trustmobi.MobiShield 3.1.5 MT Antivirus KissDroid com.hot.free.defence.main 1.0.8 MYAndroid Protection Antivirus MYMobileSecurity com.mymobileprotection20 4.6.12.68 Norton Mobile Security Lite NortonMobile com.symantec.mobilesecurity 2.5.0.392 NQ Mobile Security NetQin Mobile com.nqmobile.antivirus20 6.0.06.16 Privateer LITE Privateer Labs com.privateer.lite 2.1.4 Quick Heal Mobile Security Quick Heal Technologies com.quickheal.platform 1.01.017 Snap Secure Exclaim Mobility com.exclaim.snapsecure.app 7.18 Super Security Superdroid.net com.superdroid.security2 1.04 Total Defense Mobile Security Total Defense com.tdi.security 3.0.3.16256 Trend Micro Mobile Security Trend Micro com.trendmicro.tmmspersonal 2.1 TrustGo Mobile Security TrustGo Mobile com.trustgo.security 1.0.1 Vipre Mobile Security (BETA) GFI Software com.ssd.vipre 1.0.231 Webroot SecureAnywhere Mobile Webroot com.webroot.security 2.2.1.1046 Zoner AntiVirus Free ZONER com.zoner.android.antivirus 1.2.10 Figure 6: Product details of all products listed in the test results 5 The Android package name is unique among all apps in the Google Android Market. You can use it as search term if you want to install a specific program from the Android Market. 13
Anti-Malware solutions for Android AegisLab Antivirus Free belongs ALYac Android is a free Mobile Android Antivirus showed only to the second range with its Security. It has a clear user very few detections in our tests detection rate between 65% and interface but the detection rates and crashed several times. The 90%. It has additional Anti-Theft need to improve. advertisements worked properly. functions in the Elite Version. Antivirus Free just detects a avast! Free Mobile Security is AVG Mobilation Anti-Virus Free is handful of samples in the test set. available for free, easy to use and a good choice to secure your It shows advertisements at the has many features to protect your phone, being in the second group bottom of the screen. device. With its very good of detection rates. It also provides detection rate it is one of the best Anti-Theft functions. security products for your Android device. 14
Anti-Malware solutions for Android The premium version of BlackBelt AntiVirus is simple to BluePoint Security Free uses a Bitdefender Mobile Security use. However the poor detection clear user interface and has an includes a variety of other useful rate doesn’t excuse to pay for the average detection rate with its functions in addition to the good product after the trial period has cloud scan engine. malware and privacy scanner. expired. BullGuard Mobile Security The free CMC Mobile Security Comodo Mobile Security provides contains Parental Control and seems to be out of date. The latest statistics at its home screen and Backup beside its good virus signatures are several months old. provides good malware detection. scanner. 15
Anti-Malware solutions for Android Dr.Web anti-virus Light has very ESET Mobile Security provides a Fastscan Anti-Virus Free covers all good detection rates. You need good to very good malware malware families but the the premium version to use Anti- detection and extended Anti-Theft signatures still need to enhance. Theft and Anti-Spam features. functions. F-Secure Mobile Security has one G Data MobileSecurity scans on- GuardX Antivirus displays of the best test results. F-Secure demand and periodically with a advertisements. It has no real offers a comprehensive package satisfactory detection rate. You advantage over using no virus with Anti-Theft and Safe Browsing. can also check apps for specific scanner with its very low permissions. detection rate. 16
Anti-Malware solutions for Android IKARUS mobile.security LITE is a Kaspersky Mobile Security (Lite) is Kinetoo Malware Scan offers an plain virus scanner and got top one of the best malware average detection rate. The free marks in the malware detection protection solutions and contains version contains a regularly test. Anti-Theft, Privacy Protection, updated database of mobile Parental Control and Data malware and spyware. Encryption. With LabMSF Antivirus we found Lookout Security & Antivirus McAfee Mobile Security offers neither any malware nor the achieved very good results for comprehensive security functions EICAR test file. malware detection. Privacy with a 1-year subscription and Advisor, Safe Browsing, Remote very good detection rates. Lock and Wipe and other functions are available in the premium version. 17
Anti-Malware solutions for Android MobileBot Antivirus couldn’t find MobiShield Mobile Security The only well working feature of any malware sample, but it’s free contains free Antivirus, Backup, MT Antivirus seems to be the of ads. System Optimization, Anti-Theft, advertisements at the bottom. Traffic-Monitor and more. The Detection rates are very poor. malware detection test ends with moderate results. MYAndroid Protection Antivirus Norton Mobile Security Lite NQ Mobile Security provides looks good, is easy to use and has achieves good test results. The Antivirus, Network Manager, a very good detection rate, free version includes Anti- Privacy Advisor, Optimization and making it one of the top products. Malware and Anti-Theft. Backup in its free version, combined with very good detection results. 18
Anti-Malware solutions for Android Privateer LITE has no additional Quick Heal Mobile Security Snap Secure has a clear menu but functions to its scan feature, includes good Anti-Malware it detected less than 40 percent of which didn’t detect too many detection, Call Blocker, Anti-Theft our malware test set. samples. and Message Filtering. Super Security is a free solution Total Defense Mobile Security Trend Micro Mobile Security with a good detection rate. It has provides a good AntiVirus module, Personal Edition scored well in the several other functions. malware detection test. Safe Monitoring and Backup. Browsing, Parental Control Call and Message Filter as well as Anti- Theft functions are integrated. 19
Anti-Malware solutions for Android TrustGo Mobile Security has to Vipre Mobile Security is available Virus Shield didn’t detect much in improve its detection rates. It for free. It’s a beta release but our test. Every scan ended with offers many functions for free. already shows good detection full screen advertisements. rates. Webroot SecureAnywhere Mobile Zoner AntiVirus Free surprises shows good detection results in with very good test results and the malware test. The premium many free functions such as Anti- version offers Secure Browsing, Theft, Task Manager, Call Filter, Lost Device Protection, Call and Parental Control and others. SMS Filter and an App Inspector. 20

Recomendados

Avtest 2012 02-android_anti-malware_report_english
Avtest 2012 02-android_anti-malware_report_englishAvtest 2012 02-android_anti-malware_report_english
Avtest 2012 02-android_anti-malware_report_englishAnatoliy Tkachev
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET Journal
 
Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”eSAT Publishing House
 
Hii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutionsHii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutionsAnatoliy Tkachev
 
Malware Detection in Android Applications
Malware Detection in Android ApplicationsMalware Detection in Android Applications
Malware Detection in Android Applicationsijtsrd
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware surveyeSAT Journals
 
AVG Android App Performance Report Q4 2014
AVG Android App Performance Report Q4 2014AVG Android App Performance Report Q4 2014
AVG Android App Performance Report Q4 2014AVG Technologies
 
AVG Android App Report Q3 2015
AVG Android App Report Q3 2015AVG Android App Report Q3 2015
AVG Android App Report Q3 2015AVG Technologies
 

Recomendados

Avtest 2012 02-android_anti-malware_report_english
Avtest 2012 02-android_anti-malware_report_englishAvtest 2012 02-android_anti-malware_report_english
Avtest 2012 02-android_anti-malware_report_englishAnatoliy Tkachev
 
IRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET- Android Malware Detection System
IRJET- Android Malware Detection SystemIRJET Journal
 
Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”eSAT Publishing House
 
Hii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutionsHii assessing the_effectiveness_of_antivirus_solutions
Hii assessing the_effectiveness_of_antivirus_solutionsAnatoliy Tkachev
 
Malware Detection in Android Applications
Malware Detection in Android ApplicationsMalware Detection in Android Applications
Malware Detection in Android Applicationsijtsrd
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware surveyeSAT Journals
 
AVG Android App Performance Report Q4 2014
AVG Android App Performance Report Q4 2014AVG Android App Performance Report Q4 2014
AVG Android App Performance Report Q4 2014AVG Technologies
 
AVG Android App Report Q3 2015
AVG Android App Report Q3 2015AVG Android App Report Q3 2015
AVG Android App Report Q3 2015AVG Technologies
 
100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your TestingBugRaptors
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITTekRevol LLC
 
HIJACKING ATTACKS ON ANDROID DEVICES
HIJACKING ATTACKS ON ANDROID DEVICESHIJACKING ATTACKS ON ANDROID DEVICES
HIJACKING ATTACKS ON ANDROID DEVICESPositive Hack Days
 
AVG Android App Performance Report by AVG Technologies
AVG Android App Performance Report by AVG TechnologiesAVG Android App Performance Report by AVG Technologies
AVG Android App Performance Report by AVG TechnologiesAVG Technologies
 
Avg technologies android app_performance__trends_report_h1 2016
Avg technologies android app_performance__trends_report_h1 2016Avg technologies android app_performance__trends_report_h1 2016
Avg technologies android app_performance__trends_report_h1 2016AVG Technologies
 
43 automatic
43 automatic43 automatic
43 automaticaissmsblogs
 
Vulnerable Hunter
Vulnerable HunterVulnerable Hunter
Vulnerable HunterIJERA Editor
 
Exploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarExploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarGallop Solutions
 
Aliens in Your Apps!
Aliens in Your Apps!Aliens in Your Apps!
Aliens in Your Apps!All Things Open
 
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACTIEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACTtsysglobalsolutions
 
Introduction to Secure Coding Checker
Introduction to Secure Coding Checker Introduction to Secure Coding Checker
Introduction to Secure Coding Checker Yoshinori Iwano
 
Avcomparatives Survey 2011
Avcomparatives Survey 2011Avcomparatives Survey 2011
Avcomparatives Survey 2011Anatoliy Tkachev
 
CopperDroid - On the Reconstruction of Android Apps Behaviors
CopperDroid - On the Reconstruction of Android Apps BehaviorsCopperDroid - On the Reconstruction of Android Apps Behaviors
CopperDroid - On the Reconstruction of Android Apps BehaviorsFACE
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Комсс Файквэе
 
Windows 8 kasp1248
Windows 8 kasp1248Windows 8 kasp1248
Windows 8 kasp1248Anatoliy Tkachev
 
A guide to Android automated testing
A guide to Android automated testingA guide to Android automated testing
A guide to Android automated testingjotaemepereira
 
Android automation tools
Android automation toolsAndroid automation tools
Android automation toolsSSGMCE SHEGAON
 
Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidFraunhofer AISEC
 
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıAvtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıErol Dizdar
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksIAEME Publication
 
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfTop Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfElanusTechnologies
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008tswong
 

Más contenido relacionado

La actualidad más candente

100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your TestingBugRaptors
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITTekRevol LLC
 
HIJACKING ATTACKS ON ANDROID DEVICES
HIJACKING ATTACKS ON ANDROID DEVICESHIJACKING ATTACKS ON ANDROID DEVICES
HIJACKING ATTACKS ON ANDROID DEVICESPositive Hack Days
 
AVG Android App Performance Report by AVG Technologies
AVG Android App Performance Report by AVG TechnologiesAVG Android App Performance Report by AVG Technologies
AVG Android App Performance Report by AVG TechnologiesAVG Technologies
 
Avg technologies android app_performance__trends_report_h1 2016
Avg technologies android app_performance__trends_report_h1 2016Avg technologies android app_performance__trends_report_h1 2016
Avg technologies android app_performance__trends_report_h1 2016AVG Technologies
 
Exploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarExploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarGallop Solutions
 
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACTIEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACTtsysglobalsolutions
 
Introduction to Secure Coding Checker
Introduction to Secure Coding Checker Introduction to Secure Coding Checker
Introduction to Secure Coding Checker Yoshinori Iwano
 
Avcomparatives Survey 2011
Avcomparatives Survey 2011Avcomparatives Survey 2011
Avcomparatives Survey 2011Anatoliy Tkachev
 
CopperDroid - On the Reconstruction of Android Apps Behaviors
CopperDroid - On the Reconstruction of Android Apps BehaviorsCopperDroid - On the Reconstruction of Android Apps Behaviors
CopperDroid - On the Reconstruction of Android Apps BehaviorsFACE
 
A guide to Android automated testing
A guide to Android automated testingA guide to Android automated testing
A guide to Android automated testingjotaemepereira
 
Android automation tools
Android automation toolsAndroid automation tools
Android automation toolsSSGMCE SHEGAON
 

La actualidad más candente (17)

100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
 
HIJACKING ATTACKS ON ANDROID DEVICES
HIJACKING ATTACKS ON ANDROID DEVICESHIJACKING ATTACKS ON ANDROID DEVICES
HIJACKING ATTACKS ON ANDROID DEVICES
 
AVG Android App Performance Report by AVG Technologies
AVG Android App Performance Report by AVG TechnologiesAVG Android App Performance Report by AVG Technologies
AVG Android App Performance Report by AVG Technologies
 
Avg technologies android app_performance__trends_report_h1 2016
Avg technologies android app_performance__trends_report_h1 2016Avg technologies android app_performance__trends_report_h1 2016
Avg technologies android app_performance__trends_report_h1 2016
 
43 automatic
43 automatic43 automatic
43 automatic
 
Vulnerable Hunter
Vulnerable HunterVulnerable Hunter
Vulnerable Hunter
 
Exploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarExploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon Hagar
 
Aliens in Your Apps!
Aliens in Your Apps!Aliens in Your Apps!
Aliens in Your Apps!
 
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACTIEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
 
Introduction to Secure Coding Checker
Introduction to Secure Coding Checker Introduction to Secure Coding Checker
Introduction to Secure Coding Checker
 
Avcomparatives Survey 2011
Avcomparatives Survey 2011Avcomparatives Survey 2011
Avcomparatives Survey 2011
 
CopperDroid - On the Reconstruction of Android Apps Behaviors
CopperDroid - On the Reconstruction of Android Apps BehaviorsCopperDroid - On the Reconstruction of Android Apps Behaviors
CopperDroid - On the Reconstruction of Android Apps Behaviors
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
Windows 8 kasp1248
Windows 8 kasp1248Windows 8 kasp1248
Windows 8 kasp1248
 
A guide to Android automated testing
A guide to Android automated testingA guide to Android automated testing
A guide to Android automated testing
 
Android automation tools
Android automation toolsAndroid automation tools
Android automation tools
 

Similar a Anti-Malware Test Report for Android Apps

Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidFraunhofer AISEC
 
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıAvtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıErol Dizdar
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksIAEME Publication
 
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfTop Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfElanusTechnologies
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008tswong
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Google Android Security 2014 Report
Google Android Security 2014 ReportGoogle Android Security 2014 Report
Google Android Security 2014 ReportRonen Mendezitsky
 
The rise of android malware and efficiency of Anti-Virus
The rise of android malware and efficiency of Anti-VirusThe rise of android malware and efficiency of Anti-Virus
The rise of android malware and efficiency of Anti-VirusDaniel Adenew
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OSPranav Saini
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedNoNameCon
 
Assessing the Effectiveness of Antivirus Solutions
Assessing the Effectiveness of Antivirus SolutionsAssessing the Effectiveness of Antivirus Solutions
Assessing the Effectiveness of Antivirus SolutionsImperva
 
2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdf2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdfBelayet Hossain
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...ESET Middle East
 
Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...
Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...
Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...Papitha Velumani
 
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017Jermund Ottermo
 
Android in the Enterprise New Security Enhancements: Google and BlackBerry St...
Android in the Enterprise New Security Enhancements: Google and BlackBerry St...Android in the Enterprise New Security Enhancements: Google and BlackBerry St...
Android in the Enterprise New Security Enhancements: Google and BlackBerry St...BlackBerry
 

Similar a Anti-Malware Test Report for Android Apps (20)

Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on Android
 
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs AraştırmasıAvtest Kasım 2011 Bedava Android Antivirüs Araştırması
Avtest Kasım 2011 Bedava Android Antivirüs Araştırması
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacks
 
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfTop Mobile Application Penetration Testing Tools for Android and iOS.pdf
Top Mobile Application Penetration Testing Tools for Android and iOS.pdf
 
Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Google Android Security 2014 Report
Google Android Security 2014 ReportGoogle Android Security 2014 Report
Google Android Security 2014 Report
 
The rise of android malware and efficiency of Anti-Virus
The rise of android malware and efficiency of Anti-VirusThe rise of android malware and efficiency of Anti-Virus
The rise of android malware and efficiency of Anti-Virus
 
Avc beh 201207_en
Avc beh 201207_enAvc beh 201207_en
Avc beh 201207_en
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OS
 
Android anti virus analysis
Android anti virus analysisAndroid anti virus analysis
Android anti virus analysis
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
 
Assessing the Effectiveness of Antivirus Solutions
Assessing the Effectiveness of Antivirus SolutionsAssessing the Effectiveness of Antivirus Solutions
Assessing the Effectiveness of Antivirus Solutions
 
2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdf2.Android App Development_ Types of Automated Unit Tests.pdf
2.Android App Development_ Types of Automated Unit Tests.pdf
 
Dtl 2012 q4_home.1
Dtl 2012 q4_home.1Dtl 2012 q4_home.1
Dtl 2012 q4_home.1
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
 
Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...
Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...
Catch Me If You Can- Evaluating Android Anti-Malware Against Transformation A...
 
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
 
Android in the Enterprise New Security Enhancements: Google and BlackBerry St...
Android in the Enterprise New Security Enhancements: Google and BlackBerry St...Android in the Enterprise New Security Enhancements: Google and BlackBerry St...
Android in the Enterprise New Security Enhancements: Google and BlackBerry St...
 
Avc fdt 201209_en
Avc fdt 201209_enAvc fdt 201209_en
Avc fdt 201209_en
 

Más de Комсс Файквэе

Rp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgRp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgКомсс Файквэе
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingКомсс Файквэе
 

Más de Комсс Файквэе (20)

Ksb 2013 ru
Ksb 2013 ruKsb 2013 ru
Ksb 2013 ru
 
Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013
 
Rp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgRp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xg
 
Apwg trends report_q2_2013
Apwg trends report_q2_2013Apwg trends report_q2_2013
Apwg trends report_q2_2013
 
Mobile threat report_q3_2013
Mobile threat report_q3_2013Mobile threat report_q3_2013
Mobile threat report_q3_2013
 
Scimp paper
Scimp paperScimp paper
Scimp paper
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijacking
 
Analitika web 2012_positive_technologies
Analitika web 2012_positive_technologiesAnalitika web 2012_positive_technologies
Analitika web 2012_positive_technologies
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
Threat report h1_2013
Threat report h1_2013Threat report h1_2013
Threat report h1_2013
 
B intelligence report-08-2013.en-us
B intelligence report-08-2013.en-usB intelligence report-08-2013.en-us
B intelligence report-08-2013.en-us
 
Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
Kaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_reportKaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_report
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013
 
Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2
 
Panda labs annual-report-2012
Panda labs annual-report-2012Panda labs annual-report-2012
Panda labs annual-report-2012
 
H02 syllabus
H02 syllabusH02 syllabus
H02 syllabus
 
Course reader-title
Course reader-titleCourse reader-title
Course reader-title
 

Último

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Último (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Anti-Malware Test Report for Android Apps

  • 1. Test Report: Anti-Malware solutions for Android Published: March, 15 t h 2012 Version: 1.1a
  • 2. Anti-Malware solutions for Android Copyright © 2012 AV-TEST GmbH. All rights reserved. Postal address: Klewitzstr. 7, 39112 Magdeburg, Germany Phone +49 (0) 391 60754-60, Fax +49 (0) 391 60754-69 For further details, please visit: http://www.av-test.org 1
  • 3. Anti-Malware solutions for Android Update March, 15th 2012 (Version 1.1a) Added a remark regarding the detection rate of Bitdefender, ESET, Trend Micro and Vipre on page 8. Update March, 13th 2012 (Version 1.1) It has been brought to our attention that certain parts in our initial report and the testing methodology are considered imprecise and/or flawed by third parties. Therefore AV-TEST performed additional tests to sort out any of those issues and provides the updated results in this report. The retest was performed between March 9th to 13th, with the most current program versions and signature updates (including full Internet access to enable in-the-cloud queries) of all products that were not in the light green or dark green category. We would especially like to thank MYMobileSecurity (MYAndroidProtection), NQmobile (Netqin) and Total Defense for their feedback on this topic. Update March, 7th 2012 (Version 1.0a) The product name of Avast has been corrected to “avast! Free Mobile Security” instead of “avast! Mobile Security”. 2
  • 4. Anti-Malware solutions for Android Content 1. Introduction......................................................................................................................................... 4 2. Test report ........................................................................................................................................... 6 3. Test results .......................................................................................................................................... 8 4. Testing issues..................................................................................................................................... 11 5. Conclusion ......................................................................................................................................... 12 6. Product details................................................................................................................................... 13 3
  • 5. Anti-Malware solutions for Android 1. Introduction The Smartphone market grew enormously over the last five years and the mobile malware evolved rapidly, too. Right now there are over 450.000 apps in the Android market, where as there were less than 100.000 in July 2010 1. This makes it the fastest growing software market overall. With the rise of new apps, the number of malware increases as well. Figure 1 shows the growth of the AV-TEST Android malware collection. The increasing curve is similar to what we've seen for PC malware in the last years. The threats for Android include Phishing- and Banking-Trojans, Spyware, Bots, Root Exploits, SMS Fraud, Premium Dialers and Fake Installers. There have also been reports about Download-Trojans – apps that download their malicious code after installation – which means that these apps can't be easily detected by Google's Bouncer technology 2 during publication in the Google Android Market. Our collection used for this test contains more than 20 different Android malware families, which cover each of the previously named threats. Android Malware Collection Growth 14000 12000 10000 8000 6000 4000 2000 0 New Android Malware per Month Total Number of Android Malware Figure 1: Android malware collection growth since January 2011 In November 2011 we’ve revealed that many Antivirus apps, which are available for free in Google's Android Market, don't provide a sufficient malware protection for your Android mobile. This time we are trying to cover the good and the bad and started reviewing as many Android Anti-Malware apps as we could find, regardless whether an app requires a specific Android version or device. These apps include free and non-free programs, intended for personal use. This report aims to give an impression of the malware detection rates. As an independent test institute, we aren't in the position to recommend a specific product, but you can certainly use our report to find your personal favorite. However please bear in mind, that malware may not the only or the most important threat to your 1 <http://en.wikipedia.org/wiki/Android_operating_system> 2 Google's Bouncer technology checks apps for malware during publication in Google's Android Market <http://googlemobile.blogspot.com/2012/02/android-and-security.html> 4
  • 6. Anti-Malware solutions for Android device. Even if a product scores poorly in malware detection it may have other convenient features, such as remote lock and wipe, backup and phone locating, that make it useful for your purposes. It is also possible to run two or more security apps on your device at the same time, using only the best features of the single apps. 5
  • 7. Anti-Malware solutions for Android 2. Test report The large number of tested apps required a scalable test environment, so we decided to use the Android emulator supplied by the Android SDK as basis for the review. The emulator has some advantages in contrast to a real device. There is root-access without exploiting the device and you can easily switch between API versions and screen sizes. It has also some disadvantages. You don't have a real phone number, which might be required to activate an app through SMS, and the emulated 3G connection may have a too high latency for querying the cloud of some vendors. While the advantages of the emulator make testing more comfortable, the disadvantages limit the number of apps, which could be properly tested. To get around this limitation, the apps, which didn't work in the emulator, were tested on a real device and all emulator results were cross checked and verified on a real device. The emulator was set up with API level 10 (Gingerbread, Version 2.3) and for non- emulated testing we used a Samsung GalaxyTab (GT-P1010) with Froyo (Version 2.2) and a Samsung Galaxy Nexus (GT-I9250) with Ice Cream Sandwich (Version 4). The products were updated to their latest available versions/signature updates and were allowed to connect to their cloud during the test. The real devices were flashed to factory default settings after every test to provide each product the same clean environment. Among the tested apps we saw two different approaches for the on-demand scan. While many apps simply scan the complete device storage, some other apps scan installed apps and important files only. The latter were not able to scan the malware set with 618 malicious APK-files as it was stored on the SD card. Therefore, we tested the real-time protection feature of those apps instead. That means that all malware apps in our sample set were installed on a device or emulator one by one. After an app has been installed, the tester waited for feedback of the real-time protection, which should pop up if it finds a malicious app. In case of an undetected sample, it was uninstalled manually. This is a time consuming approach and may not work in the future with larger sample sets (see Fig. 1). Regarding the detection rates, it makes no difference whether a malicious app is detected by an on- demand scan or by the real-time scan, when the app is installed. From the testers' point of view, an on-demand scan with many samples is much easier to realize than an on-access scan. However from the user’s point of view the only criterion is protection, no matter at which point and how this takes place. After an on-demand scan has been completed and all detections were removed the testers saved the remaining files, because the reporting abilities weren't consistent among all apps. The files that were left over and have not been modified were flagged as "not detected". In case of the on-access testing, the testers wrote their own report since the samples were tested one by one. With the knowledge of which specific files have been detected by a scanner, we were able to analyze the scan results based on malware families. The family based analysis can help vendors to improve the protection for malware families with low detection rates. If the results would only provide a total, absolute detection rate, it would be impossible to notice if an app that scored well missed an entire malware family or not. So this way of displaying the results gives both the reader and the vendor much more insight. Furthermore this helps to decide whether a product that doesn’t score 100% is still a good choice, e.g. because it misses on a malware family that is no threat to a specific user group or environment. 6
  • 8. Anti-Malware solutions for Android In this report no exact detection rates are given, instead the products are grouped into five different categories, referring to different ranges of detections (Fig. 2 and Fig. 3). The first category contains products that detected over 90%, the second category 90% to 65%, the third 65% to 40%, the fourth everything less than 40% but above 0% and finally the last group contains the products that didn’t detect anything. VERYGOOD GOOD SATISFYING SUFFICIENT NULL > 90% > 65% > 40% > 0% 0% Figure 2: Detection rate legend There are several reasons for doing that: 1. The number of malware samples is still fairly small 2. Determining the prevalence of malware apps is difficult 3. Malware apps are quickly removed from the market (and even remotely from the device) This all comes down to one issue: It can happen very easily that a sample set is distorted by samples that are not really relevant anymore or were never at all. It is impossible for us to measure the prevalence of malware apps. It is also not possible to determine when and how long they have been a threat to the user. Therefore we identified the most widely known malware families and primarily used those for the test. Only malicious apps that we have discovered between August and December 2011 have been included in the test set. A few further malicious apps which don’t belong to the listed families have been put in a category called “Other” and represent other families. Even with those precautions it is possible that malware samples that are not suitable for this test are included. Already 30 wrongly chosen samples could change the result by 5%. In order to avoid too heavy effects from these issues, the results are categorized. However, by looking at the individual family detections it is still possible to get a fairly accurate picture of the absolute detection rate. The products were distributed over all detection ranges as shown in Figure 3. Detection rate distribution 2 10 13 3 13 > 90% > 65% > 40% > 0% 0% Figure 3: Detection rate distribution 7
  • 9. Anti-Malware solutions for Android 3. Test results During February and March 2012 we Product Average Family Detection reviewed 41 different Android Anti- A avast! Free Mobile Security VERYGOOD A Dr.Web anti-virus Light Malware solutions. The test results are VERYGOOD A F-Secure Mobile Security shown in Figure 4³. VERYGOOD A IKARUS mobile.security LITE A Kaspersky Mobile Security >90% The best products in our tests (with A Lookout Security & Antivirus detection rates of 90% and above) come B McAfee Mobile Security from the following top 10 companies, B MYAndroid Protection B NQ Mobile Security listed in alphabetic order: Avast, Dr. Web, A Zoner AntiVirus Free F-Secure, Ikarus, Kaspersky, Lookout, A AegisLab Antivirus Free McAfee, MYAndroid Protection, NQ A AVG Mobilation Anti-Virus Free Mobile and Zoner. Users of products A Bitdefender Mobile Security made by these companies can be assured B BullGuard Mobile Security B Comodo Mobile Security that they are protected against malware. A ESET Mobile Security >65% A Norton Mobile Security Lite Products with a detection rate of between A Quick Heal Mobile Security 65% and 90% can also be considered to be A Super Security very good and have the potential to join B Total Defense Mobile Security the group of best products above if small A Trend Micro Mobile Security GOOD changes are made to the set of malware A Vipre Mobile Security (BETA) GOOD A Webroot SecureAnywhere tested. Some of these products only fail to GOOD B BluePoint Security Free detect just one or two malware families >40% SATISFYING B G Data Mobilesecurity that may not even be prevalent in certain SATISFYING B Kinetoo Malware Scan SATISFYING environments. The following 13 products, B ALYac Android SUFFICIENT listed in alphabetic order, fall into this B Android Antivirus SUFFICIENT B Android Defender Virus Shield category: AegisLab, AVG Mobilation, SUFFICIENT B Antivirus Free Bitdefender, BullGuard, Comodo, ESET, SUFFICIENT B BlackBelt AntiVirus Norton, QuickHeal, Super Security, Total SUFFICIENT B CMC Mobile Security SUFFICIENT Defense, Trend Micro, Vipre and B Fastscan Anti-Virus Free >0% SUFFICIENT B GuardX Antivirus Webroot. SUFFICIENT B MobiShield Mobile Security SUFFICIENT B MT Antivirus It should be noted that Bitdefender, ESET, SUFFICIENT B Privateer LITE Trend Micro and Vipre missed the top SUFFICIENT B Snap Secure category by just a few samples. The SUFFICIENT B TrustGo Mobile Security average family detection rate for these SUFFICIENT B LabMSF Antivirus beta 0 NULL four products was in the area of 88.1% to B MobileBot Antivirus NULL 3 89.9%. Figure 4: Average detection rate per malware family (products in alphabetic order per category) BluePoint, G Data and Kinetoo fall into the third category, namely that of products with a detection rate of between 40% and 65%. It is possible that the manufacturers of these products do not yet have a sufficient infrastructure that enables them to collect a wide range of malware or that they focus on a local market. These products provide reliable malware protection against a few families, 3 Products marked with “A” were tested during February 2012. Products marked with “B” were retested during March 2012. See the report update page at the beginning of the document. 8
  • 10. Anti-Malware solutions for Android but have trouble dealing with and detecting others. It can be expected that these products will improve when their manufacturers focus on a wider variety of malware samples. The fourth category, which is used for products with a detection rate of less than 40%, does not contain any products from well-known anti-virus protection manufacturers. Some of the products in this category also performed below average in our last test. We have now reviewed two other products that are listed in this final category and we could not clearly determine whether or not they correctly scanned the set of malware test or whether they were actually able to detect anything at all. We were therefore unable to record a detection rate when using our set of well-known samples or the EICAR test file 4. Even in the on-access tests these products had no detections. So it is safe to assume that these products really don’t detect anything, but we still wanted to point out the possibility of a flaw in our testing methodology. The malware family based analysis in Figure 5 shows that some products miss the top group only due to their low detection of one or two malware families. You can expect better signatures for these families to be added in the near future. The detection of specific families can also depend on each vendor’s definition of malware. Some families might only be annoying advertisement apps, while others include real malicious code, which can lead to monetary damage or data loss. Therefore some vendors may decide to not detect certain potentially unwanted, but not clearly malicious, apps. 4 The EICAR test file can be used to determine whether an anti-malware software is operational or not and can be obtained here <http://www.eicar.org/86-0-Intended-use.html> 9
  • 11. Anti-Malware solutions for Android Average Family Detection Exploit.Lotoor Glodream BaseBrid DorDrae FakeInst Geinimi Nickspy KungFu Opfake Rooter Gonca Xsider SerBG Other Boxer Jifake Kmin Adrd Yzhc avast! Free Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Dr.Web anti-virus Light VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD GOOD F-Secure Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD IKARUS mobile.security LITE VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Kaspersky Mobile Security (Lite) VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Lookout Security & Antivirus VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD SATISFYING McAfee Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD MYAndroid Protection Antivirus VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD NQ Mobile Security VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD Zoner AntiVirus Free VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD AegisLab Antivirus Free GOOD VERYGOOD SATISFYING NULL SATISFYING GOOD SUFFICIENT VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD SATISFYING GOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD SATISFYING AVG Mobilation Anti-Virus Free GOOD VERYGOOD GOOD VERYGOOD SUFFICIENT GOOD VERYGOOD VERYGOOD GOOD VERYGOOD SUFFICIENT VERYGOOD SUFFICIENT GOOD NULL VERYGOOD VERYGOOD SATISFYING SUFFICIENT GOOD Bitdefender Mobile Security GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD SUFFICIENT VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD GOOD VERYGOOD GOOD BullGuard Mobile Security GOOD GOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD NULL VERYGOOD NULL GOOD GOOD Comodo Mobile Security GOOD GOOD GOOD VERYGOOD GOOD GOOD GOOD GOOD GOOD VERYGOOD SATISFYING VERYGOOD SATISFYING GOOD GOOD GOOD SATISFYING GOOD VERYGOOD SATISFYING ESET Mobile Security GOOD VERYGOOD GOOD VERYGOOD VERYGOOD SUFFICIENT VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD VERYGOOD Norton Mobile Security Lite GOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD SUFFICIENT SATISFYING VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD GOOD VERYGOOD VERYGOOD GOOD NULL VERYGOOD SATISFYING GOOD Quick Heal Mobile Security GOOD GOOD GOOD VERYGOOD GOOD VERYGOOD GOOD SUFFICIENT GOOD VERYGOOD GOOD VERYGOOD SUFFICIENT GOOD GOOD VERYGOOD SUFFICIENT GOOD SATISFYING GOOD Super Security GOOD GOOD GOOD VERYGOOD SUFFICIENT SUFFICIENT VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD NULL VERYGOOD SATISFYING VERYGOOD GOOD Total Defense Mobile Security GOOD GOOD VERYGOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD NULL VERYGOOD NULL GOOD GOOD Trend Micro Mobile Security GOOD GOOD VERYGOOD VERYGOOD VERYGOOD GOOD SATISFYING VERYGOOD VERYGOOD VERYGOOD VERYGOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD SUFFICIENT GOOD VERYGOOD GOOD Vipre Mobile Security (BETA) GOOD GOOD GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD SATISFYING VERYGOOD VERYGOOD VERYGOOD GOOD VERYGOOD GOOD VERYGOOD Webroot SecureAnywhere Mobile GOOD GOOD GOOD VERYGOOD VERYGOOD SATISFYING VERYGOOD SUFFICIENT GOOD VERYGOOD GOOD VERYGOOD GOOD GOOD VERYGOOD VERYGOOD SUFFICIENT VERYGOOD VERYGOOD GOOD BluePoint Security Free SATISFYING SATISFYING SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD GOOD SUFFICIENT SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT NULL SUFFICIENT VERYGOOD SATISFYING SUFFICIENT SUFFICIENT SATISFYING G Data Mobilesecurity SATISFYING SATISFYING SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD GOOD GOOD SUFFICIENT NULL VERYGOOD SUFFICIENT GOOD SUFFICIENT NULL SATISFYING SATISFYING SUFFICIENT SATISFYING Kinetoo Malware Scan SATISFYING SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT VERYGOOD SUFFICIENT GOOD SUFFICIENT NULL SATISFYING SUFFICIENT SATISFYING GOOD ALYac Android SUFFICIENT SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT SUFFICIENT GOOD NULL SATISFYING NULL NULL NULL SUFFICIENT GOOD SATISFYING SUFFICIENT NULL SUFFICIENT SUFFICIENT SUFFICIENT Android Antivirus SUFFICIENT NULL NULL NULL SUFFICIENT SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL Android Defender Virus Shield SUFFICIENT NULL NULL NULL SUFFICIENT SUFFICIENT NULL NULL NULL NULL NULL NULL SUFFICIENT NULL NULL NULL NULL NULL NULL SUFFICIENT Antivirus Free SUFFICIENT NULL NULL NULL NULL SUFFICIENT SUFFICIENT SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL SUFFICIENT BlackBelt AntiVirus SUFFICIENT SUFFICIENT NULL SUFFICIENT NULL NULL SUFFICIENT SUFFICIENT NULL SUFFICIENT NULL SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT NULL SUFFICIENT SUFFICIENT SUFFICIENT CMC Mobile Security SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL SUFFICIENT NULL NULL NULL SUFFICIENT Fastscan Anti-Virus Free SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT SUFFICIENT GOOD SUFFICIENT SUFFICIENT SATISFYING SUFFICIENT SUFFICIENT VERYGOOD SUFFICIENT SATISFYING SATISFYING SUFFICIENT NULL SATISFYING SUFFICIENT SUFFICIENT GuardX Antivirus SUFFICIENT SUFFICIENT SUFFICIENT NULL NULL SUFFICIENT NULL SUFFICIENT NULL NULL NULL NULL NULL NULL NULL VERYGOOD SUFFICIENT NULL NULL NULL MobiShield Mobile Security SUFFICIENT GOOD GOOD VERYGOOD NULL SUFFICIENT GOOD GOOD NULL NULL NULL NULL SUFFICIENT NULL NULL NULL VERYGOOD SUFFICIENT SUFFICIENT SUFFICIENT MT Antivirus SUFFICIENT NULL SUFFICIENT NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL SUFFICIENT NULL NULL SUFFICIENT Privateer LITE SUFFICIENT SUFFICIENT SATISFYING NULL NULL VERYGOOD SUFFICIENT SUFFICIENT SATISFYING NULL SUFFICIENT VERYGOOD GOOD NULL NULL SUFFICIENT SUFFICIENT GOOD NULL SUFFICIENT Snap Secure SUFFICIENT SUFFICIENT SATISFYING SATISFYING SATISFYING SUFFICIENT SUFFICIENT SUFFICIENT SATISFYING GOOD NULL SUFFICIENT SUFFICIENT SUFFICIENT SATISFYING SUFFICIENT SUFFICIENT NULL SATISFYING SUFFICIENT TrustGo Mobile Security SUFFICIENT SUFFICIENT SATISFYING SUFFICIENT GOOD SATISFYING SUFFICIENT SUFFICIENT GOOD SUFFICIENT NULL GOOD GOOD NULL SUFFICIENT SUFFICIENT NULL SUFFICIENT SUFFICIENT SATISFYING LabMSF Antivirus beta NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL MobileBot Antivirus NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL Figure 5: Detection by malware family (products in alphabetic order per category) 10
  • 12. Anti-Malware solutions for Android 4. Testing issues Despite the fact that some apps weren’t able to scan our sample set on the SD card and therefore have to be tested in a time consuming on-access test, we were also faced with apps which couldn’t delete all detections automatically. They didn’t even provide a "Do it! And never ask me again!" option in the case of more than one malware detection. This fact led to testers clicking a "remove"- button several hundred times. While such options are very common in desktop applications, they aren't in the Android world yet. Also scan reports couldn't be saved within most of the tested apps. Some apps use SQLite databases to save their scan results and we were able to collect the corresponding db-files from the emulators only. As accessing those files requires root privileges, they weren't collected from the real devices. The average user shouldn't miss such features, as its device should never be infected with hundreds of malicious apps, but those simple functions would make a testers life much easier. As pointed out before, there are also apps which use their cloud to detect malware. While this worked flawlessly with most products, both in emulated environments as well as on a real device there were a few exceptions. We have seen products that were not able to query their cloud in the emulator at all, even if full internet access was provided. There were also products that did have some trouble on a real device. This might be due to latency issues and could only be resolved by repeated tests until no further problems occurred. 11
  • 13. Anti-Malware solutions for Android 5. Conclusion Even if Google now checks all apps on its Android Market, you should consider installing a security app, because nowadays the malware authors are able to load their malicious code after a seemingly clean app has been installed. Regarding the detection rates, you can trustfully choose from at least 17 products to protect your Android device. What you should also have in mind when choosing your mobile security app are additional functions such as backup and anti-theft protection (e.g. find your lost device or wipe all data remotely). To keep your device free of malware even without a security app, you should install apps only from trusted sources, like the Google Android Market or the Amazon Appstore for Android. Read the comments carefully and check whether the required permissions are reasonable (e.g. a game usually shouldn't need the permission to read or write SMS unless its description lists the specific features using these permissions). As it may take between two to four weeks until Google removes malicious apps from its Android Market, you should also be careful with new apps on the market. Wait until apps are well-established, e.g. they were downloaded several thousand times and have many good ratings, or visit the developer’s website, which should at least provide contact information. In most cases when there is a free (often called Lite) and a paid version, the malware detection capabilities are the same. So if you are just looking at the detection rates, you can take the Lite result and apply this to the paid version and vice versa. Another finding of the test is, that the well known Desktop IT vendors perform above the average. Even the worst products from those vendors are still better than most of the specialized mobile security software vendors. 12
  • 14. Anti-Malware solutions for Android 6. Product details Product Vendor Android Package 5 Version AegisLab Antivirus Free AegisLab com.aegislab.sd3prj.antivirus.free 1.0.4 ALYac Android ESTsoft com.estsoft.alyac 1.2.5.0 Android Antivirus Android Antivirus and.anti 1.6 Android Defender AndroidAppTools com.virusshield.android 1.1 Antivirus Free Creative Apps com.zrgiu.antivirus 1.3.1 avast! Free Mobile Security AVAST com.avast.android.mobilesecurity 1.0.1282 AVG Mobilation Anti-Virus Free AVG Mobilation com.antivirus 2.10 Bitdefender Mobile Security BitDefender com.bitdefender.security 1.1.483 BlackBelt AntiVirus BlackBelt SmartPhone Defence com.blackbelt.antivirus 2.2.0002 BluePoint Security Free BluePoint Security bluepointfree.ad 4.0.17 BullGuard Mobile Security BullGuard com.smobile.securityshield.android.bullgard 10.0.22.14023 CMC Mobile Security CMC InfoSec com.cmcinfosec.mobilesec 2.1 Comodo Mobile Security Comodo Security Solutions com.comodo.pimsecure 1.1.16984.2 Dr.Web anti-virus Light Doctor Web com.drweb 6.01.5 ESET Mobile Security ESET com.eset.emsw 1.0.288.223 Fastscan Anti-Virus Free K-TEC jp.ktinc.fastscan 1.1.5 F-Secure Mobile Security F-Secure com.fsecure.browser 7.6.08787 G Data MobileSecurity G Data de.gdata.mobilesecurity 23.4.19038 GuardX Antivirus QStar org.qstar.guardx 2.3 IKARUS mobile.security LITE IKARUS Security Software com.ikarus.mobile.security 0.9.8.9008 Kaspersky Mobile Security (Lite) Kaspersky Lab com.kms 9.10.106 Kinetoo Malware Scan CPU Media SARL com.cpumedia.android.kinetoo 1.7.1 LabMSF Antivirus beta LabMSF com.ReSync.RNGN 1.0 Lookout Security & Antivirus Lookout Mobile Security com.lookout 7.1 McAfee Mobile Security McAfee com.wsandroid.suite 2.0.1.366 MobileBot Antivirus Desktop Shark avm.defender 1.05 MobiShield Mobile Security trustmobi com.trustmobi.MobiShield 3.1.5 MT Antivirus KissDroid com.hot.free.defence.main 1.0.8 MYAndroid Protection Antivirus MYMobileSecurity com.mymobileprotection20 4.6.12.68 Norton Mobile Security Lite NortonMobile com.symantec.mobilesecurity 2.5.0.392 NQ Mobile Security NetQin Mobile com.nqmobile.antivirus20 6.0.06.16 Privateer LITE Privateer Labs com.privateer.lite 2.1.4 Quick Heal Mobile Security Quick Heal Technologies com.quickheal.platform 1.01.017 Snap Secure Exclaim Mobility com.exclaim.snapsecure.app 7.18 Super Security Superdroid.net com.superdroid.security2 1.04 Total Defense Mobile Security Total Defense com.tdi.security 3.0.3.16256 Trend Micro Mobile Security Trend Micro com.trendmicro.tmmspersonal 2.1 TrustGo Mobile Security TrustGo Mobile com.trustgo.security 1.0.1 Vipre Mobile Security (BETA) GFI Software com.ssd.vipre 1.0.231 Webroot SecureAnywhere Mobile Webroot com.webroot.security 2.2.1.1046 Zoner AntiVirus Free ZONER com.zoner.android.antivirus 1.2.10 Figure 6: Product details of all products listed in the test results 5 The Android package name is unique among all apps in the Google Android Market. You can use it as search term if you want to install a specific program from the Android Market. 13
  • 15. Anti-Malware solutions for Android AegisLab Antivirus Free belongs ALYac Android is a free Mobile Android Antivirus showed only to the second range with its Security. It has a clear user very few detections in our tests detection rate between 65% and interface but the detection rates and crashed several times. The 90%. It has additional Anti-Theft need to improve. advertisements worked properly. functions in the Elite Version. Antivirus Free just detects a avast! Free Mobile Security is AVG Mobilation Anti-Virus Free is handful of samples in the test set. available for free, easy to use and a good choice to secure your It shows advertisements at the has many features to protect your phone, being in the second group bottom of the screen. device. With its very good of detection rates. It also provides detection rate it is one of the best Anti-Theft functions. security products for your Android device. 14
  • 16. Anti-Malware solutions for Android The premium version of BlackBelt AntiVirus is simple to BluePoint Security Free uses a Bitdefender Mobile Security use. However the poor detection clear user interface and has an includes a variety of other useful rate doesn’t excuse to pay for the average detection rate with its functions in addition to the good product after the trial period has cloud scan engine. malware and privacy scanner. expired. BullGuard Mobile Security The free CMC Mobile Security Comodo Mobile Security provides contains Parental Control and seems to be out of date. The latest statistics at its home screen and Backup beside its good virus signatures are several months old. provides good malware detection. scanner. 15
  • 17. Anti-Malware solutions for Android Dr.Web anti-virus Light has very ESET Mobile Security provides a Fastscan Anti-Virus Free covers all good detection rates. You need good to very good malware malware families but the the premium version to use Anti- detection and extended Anti-Theft signatures still need to enhance. Theft and Anti-Spam features. functions. F-Secure Mobile Security has one G Data MobileSecurity scans on- GuardX Antivirus displays of the best test results. F-Secure demand and periodically with a advertisements. It has no real offers a comprehensive package satisfactory detection rate. You advantage over using no virus with Anti-Theft and Safe Browsing. can also check apps for specific scanner with its very low permissions. detection rate. 16
  • 18. Anti-Malware solutions for Android IKARUS mobile.security LITE is a Kaspersky Mobile Security (Lite) is Kinetoo Malware Scan offers an plain virus scanner and got top one of the best malware average detection rate. The free marks in the malware detection protection solutions and contains version contains a regularly test. Anti-Theft, Privacy Protection, updated database of mobile Parental Control and Data malware and spyware. Encryption. With LabMSF Antivirus we found Lookout Security & Antivirus McAfee Mobile Security offers neither any malware nor the achieved very good results for comprehensive security functions EICAR test file. malware detection. Privacy with a 1-year subscription and Advisor, Safe Browsing, Remote very good detection rates. Lock and Wipe and other functions are available in the premium version. 17
  • 19. Anti-Malware solutions for Android MobileBot Antivirus couldn’t find MobiShield Mobile Security The only well working feature of any malware sample, but it’s free contains free Antivirus, Backup, MT Antivirus seems to be the of ads. System Optimization, Anti-Theft, advertisements at the bottom. Traffic-Monitor and more. The Detection rates are very poor. malware detection test ends with moderate results. MYAndroid Protection Antivirus Norton Mobile Security Lite NQ Mobile Security provides looks good, is easy to use and has achieves good test results. The Antivirus, Network Manager, a very good detection rate, free version includes Anti- Privacy Advisor, Optimization and making it one of the top products. Malware and Anti-Theft. Backup in its free version, combined with very good detection results. 18
  • 20. Anti-Malware solutions for Android Privateer LITE has no additional Quick Heal Mobile Security Snap Secure has a clear menu but functions to its scan feature, includes good Anti-Malware it detected less than 40 percent of which didn’t detect too many detection, Call Blocker, Anti-Theft our malware test set. samples. and Message Filtering. Super Security is a free solution Total Defense Mobile Security Trend Micro Mobile Security with a good detection rate. It has provides a good AntiVirus module, Personal Edition scored well in the several other functions. malware detection test. Safe Monitoring and Backup. Browsing, Parental Control Call and Message Filter as well as Anti- Theft functions are integrated. 19
  • 21. Anti-Malware solutions for Android TrustGo Mobile Security has to Vipre Mobile Security is available Virus Shield didn’t detect much in improve its detection rates. It for free. It’s a beta release but our test. Every scan ended with offers many functions for free. already shows good detection full screen advertisements. rates. Webroot SecureAnywhere Mobile Zoner AntiVirus Free surprises shows good detection results in with very good test results and the malware test. The premium many free functions such as Anti- version offers Secure Browsing, Theft, Task Manager, Call Filter, Lost Device Protection, Call and Parental Control and others. SMS Filter and an App Inspector. 20