{"id":14850,"date":"2019-03-16T10:45:02","date_gmt":"2019-03-16T18:45:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/03\/16\/news-8599\/"},"modified":"2019-03-16T10:45:02","modified_gmt":"2019-03-16T18:45:02","slug":"news-8599","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/03\/16\/news-8599\/","title":{"rendered":"Most Android Antivirus Apps Are Garbage"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c8c34ff43416573f9b95fcb\/master\/pass\/Phones-925406974.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Sat, 16 Mar 2019 11:00:00 +0000<\/strong><\/p>\n<p><span class=\"lede\">The world of <\/span>antivirus <a href=\"https:\/\/www.wired.com\/story\/kaspersky-russia-antivirus\/\">is already fraught<\/a>. You\u2019re basically inviting all-seeing, all-knowing software onto your device, trusting that it\u2019ll keep the bad guys out and not abuse its own access in the process. On Android, that problem is compounded by dozens of apps that aren\u2019t just ineffective\u2014they\u2019re outright phony.<\/p>\n<p>That\u2019s <a href=\"https:\/\/www.zdnet.com\/article\/two-thirds-of-all-android-antivirus-apps-are-frauds\/\" target=\"_blank\">the finding<\/a> of newly published <a href=\"https:\/\/www.av-comparatives.org\/tests\/android-test-2019-250-apps\/\" target=\"_blank\">research<\/a> from AV-Comparatives, a European company that, as its name suggests, tests antivirus products. In a survey of 250 antivirus apps found in the Google Play Store, only 80 demonstrated basic competence at their jobs by detecting 30 percent or more of the 2,000 malicious apps AV-Comparatives threw at them. The remainder either failed to meet that benchmark, frequently mistook benign apps for malware, or have been pulled from the Play Store altogether. 
In other words, they stunk.<\/p>\n<p class=\"paywall\">\u201cIn the past we and others found malicious apps, non-working apps, so it is not really a surprise to find some bogus AV apps as well,\u201d says Peter Stelzhammer, COO of AV-Comparatives. \u201cIn the times of rogue AV software, you have to be aware of everything.\u201d<\/p>\n<p class=\"paywall\">Failure comes in many different colors, of course. Some antivirus apps AV-Comparatives tested actually did a decent job of blocking malicious apps, but introduced potential risks of their own. Several dozen products\u2014all of which share a suspiciously similar user interface\u2014relied on a \u201cwhitelist\u201d approach, meaning that only specifically named apps were permitted to run on the device. Think of it as a bouncer in a club with a very strict guest list; anyone not on it has to go, whether they\u2019re seedy or not.<\/p>\n<p class=\"paywall\">The immediate ramification of that approach should be obvious: An antivirus that relies only on whitelisting will block lots of perfectly legitimate apps. In some cases, the AV-Comparatives study notes, the antivirus apps even forgot to whitelist themselves, creating an ouroboros of failure.<\/p>\n<p class=\"paywall\">This sort of whitelisting introduces a secondary concern. These apps were coded to trust any package name that starts with, say, &quot;com.adobe.*&quot; or &quot;com.facebook.*&quot; But that also means hackers could name their malware com.facebook.bigbadvirus and still get through. Think again of our bouncer, who in this scenario has specific instructions to let John Stamos in the club any time he wants. 
Our friend would happily raise the rope for three raccoons in a trench coat, as long as they introduced themselves as John Stamos Raccoons.<\/p>\n<p class=\"paywall\">Why go through all the trouble of pushing a fake, or at best deeply broken, antivirus app? To snap up users&#x27; personal data, of course. Remember, antivirus apps by nature ask for, and generally receive, deep permissions. \u201cAndroid apps like these are notorious for simply pushing more content on phones, but even more so they are simply used to gather data from the phone,\u201d says Yonathan Klijnsma, head threat researcher at security intelligence firm RiskIQ. \u201cThis ranges from basic information like the model of the phones, towards live GPS polling, phone numbers, and any other personally identifiable information up for grabs.\u201d<\/p>\n<p class=\"paywall\">While Google has taken down plenty of these fraudulent apps, they still persist. It\u2019s also unclear whether Google can reasonably be expected to face down the tide. \u201cI am not sure what to expect from Google regarding these apps,\u201d says Mohammad Mannan, a computer scientist at Concordia University who has researched antivirus software. \u201cIn general, Google as a market operator possibly cannot check all apps to verify if the apps meet their advertised obligations.\u201d Google did not comment on what protections it has in place to keep fake or faulty antivirus software out of the Play Store. Mannan argues that in some ways it would be like penalizing a boring game for claiming it was \u201csuper exciting.\u201d<\/p>\n<p class=\"paywall\">The good news is that not all Android antivirus is worthless. AV-Comparatives found 23 apps that caught 100 percent of their malware samples, and several more that came close. If there&#x27;s a common thread among the more reliable choices, it&#x27;s that they tend to come from companies you\u2019ve heard of, like F-Secure and Bitdefender and Symantec, to name a few. 
If you insist on installing antivirus for your Android phone, that remains your best rule of thumb.<\/p>\n<p class=\"paywall\">\u201cDownload counts and reviews are not an option any more,\u201d says Stelzhammer. \u201cThe reviews cannot say anything about the quality of protection, only about the ease of use, and this doesn\u2019t mean that you are protected well enough. And they can be fake as well.\u201d<\/p>\n<p class=\"paywall\">On the other hand, you could also <em>not<\/em> install an antivirus app. Even <a href=\"https:\/\/www.wired.com\/story\/android-antivirus-malware\/\">good ones can be fooled<\/a>, especially on a platform as permissive as Android. They drain resources at an aggravating rate. And a lot of the protection they offer can be achieved by simply <a href=\"https:\/\/www.wired.com\/2016\/12\/never-ever-ever-download-android-apps-outside-google-play\/\">staying away from third-party app stores<\/a> in the first place. At best, they\u2019ll help a little. At worst, they\u2019ll hurt a lot.<\/p>\n
<p><a href=\"https:\/\/www.wired.com\/story\/android-antivirus-apps-bad-fake\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c8c34ff43416573f9b95fcb\/master\/pass\/Phones-925406974.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Sat, 16 Mar 2019 11:00:00 +0000<\/strong><\/p>\n<p>Fraudulent and ineffective antivirus apps persist on the Google Play Store, and it&#8217;s unclear whether they&#8217;ll ever totally go away.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-14850","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14850"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14850\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/
categories?post=14850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}