Android antivirus software relatively easy to beat

Virus infections are relatively rare on Android, but the risk increases when the user allows side loading of apk files. (Source: gfkDSGN/Pixabay)

Researchers at Georgia Tech were able to bypass the protection of 97% of the popular Android antivirus applications tested. The detection rules used by most of the programs appear to be relatively basic, and by presenting their results at the Black Hat USA 2017 conference, the researchers are hoping that developers can improve the performance of their scanners.

Craig Ward, Published 07/24/2017

Android virus scanners have been around for several years now, and are installed on hundreds of millions of Android phones (based on the inaccurate ranges that the Play Store provides for installation statistics). A portion of these installs are likely to be due to partnerships (bloatware?) on new phones, but the sheer number of installs show that many users consider Android virus scanners as an important piece of software.

Researchers at Georgia Tech developed a tool, named AVPass, to put 58 of these antivirus apps through a series of tests designed to sneak malware onto the device without activating the antivirus protection. Interestingly, only two of the applications (Ahnlabs and WhiteArmour) consistently blocked their infection attempts. Wolotsky, one of the researchers, says "We can’t say for sure that we can bypass the other 56 AVs 100% of the time; however, in our tests we were almost always able to do so". Respected antivirus tester, AV-Test, rated Ahnlabs first equal in their May 2017 testing with a 100% detection rate of their malware sample kit, showing that it has high accuracy during regular testing too.

The reason that so many of the apps can be bypassed is that they appear to use relatively simple detection rules, similar to how PC antiviruses worked several years ago. Android antivirus apps are often focused on scanning other apps on the phone, to detect rogue apps from the Play Store or malicious APKs that the user has downloaded. For android phones in their default state, where the user doesn't have root access, and the phone is only set to allow installations from the Play Store, the vectors for attack are much more limited than on a computer.

The researchers are presenting their work at the Black Hat USA 2017 conference in Las Vegas, where they hope Android antivirus developers will see the benefits of using the data generated by the AVPass tool to improve the protection their apps offer.

Source(s)

WIRED

Virus Guides

AV-Test

The Persistence of Chaos is a fully functional 10.2-inch Samsung NC10-14GB loaded with viruses. (Source: Deep Instinct)

10.2-inch Samsung NC10-14GB loaded with six dangerous viruses going for over US$1 million in live auction 05/26/2019

Talos has estimated that VPNFilter has infected devices in at least 54 countries. (Source: Cisco)

Russia accused of plotting massive VPNFilter malware attack 05/24/2018

Android Oreo has new APIs which help remove developers reliance on accessibility permissions. (Source: knd61/Pixabay)

Google's new security policy on accessibility features will limit or remove 'hundreds of good, useful apps' 11/14/2017

The wolf in sheep's clothing which snuck into thousands of unsuspecting digital pens. (Source: SwiftOnSecurity)

A fake Adblock Plus extension has infected about 37,000 Google Chrome users 10/10/2017

The main weakness of pattern and PIN is the ability for those around you to obverve entry. (Source: Msporch/Pixabay)

Android pattern unlock is the easiest authentication method to snoop 09/23/2017

Not all apps using the Igexin SDK were found to be collecting data, but they all had the potential to do it. (Source: Pixabay)

Igexin use their advertising SDK to siphon user data back to their servers in China 08/23/2017

MIUI security flaws allow uninstallation of security apps and easy copying of data 08/12/2017

The malicious software is activated whrn the DNA sequencer analyzes the data. (Source: Shutterstock)

Biohackers splice malware directly into DNA strands 08/11/2017

McAfee says that 44 percent of consumers are concerned about their financial information being stolen, while 38 percent of consumers are concerned about identity theft. (Source: Digital Trends)

McAfee antivirus will be pre-installed on Galaxy S8 devices 05/10/2017

The "Weeping Angel" exploit tricks users into thinking the TV is powered off while it is actually on and recording. (Source: Samsung)

Wikileaks reveals trove of CIA hacking tools for iOS and Android-driven devices 03/08/2017

Uninstall your anti-virus and use Windows Defender, says veteran software engineer 01/28/2017

Most Android anti-viruses proved worthless, again 03/08/2012

Loading Comments

Comment on this article

'Silent Echo' uses slack to allow t...

Moto Z2 Force allegedly coming to a...

Craig Ward - Tech Writer - 397 articles published on Notebookcheck since 2017

I grew up in a family surrounded by technology, starting with my father loading up games for me on a Commodore 64, and later on a 486. In the late 90's and early 00's I started learning how to tinker with Windows, while also playing around with Linux distributions, both of which gave me an interest for learning how to make software do what you want it to do, and modifying settings that aren't normally user accessible. After this I started building my own computers, and tearing laptops apart, which gave me an insight into hardware and how it works in a complete system. Now keeping up with the latest in hardware and software news is a passion of mine.

Please share our article, every link counts!