

The absolute malware count for Android devices is rising rapidly. Much of this rise is, however, made up of variants of existing malware.

Source: AV-Test With only seven products achieving a detection rate of 95% or more and 24 exhibiting detection rates below 65%, tests performed by AV-Test have shown that anti-virus software for Android is a long way from attaining the reliability of desktop anti-virus software.

Paralleling the explosion in anti-virus apps is the explosion in malware for Android smartphones. The spectrum includes online banking trojans, premium rate diallers and spyware. AV-Test tested the detection rates of 41 anti-virus applications for Android smartphones using a total of 618 items of malware.

Programs from established anti-virus software companies Avast, Dr. Web, F-Secure, Ikarus and Kaspersky detected over 95% of the malware samples, as did products from mobile platform specialists Lookout and Zoner. A further ten products detected more than 65% of the sample. But BullGuard, Commodo, G Data and McAfee, all familiar names from the desktop market, were amongst the products which detected less than two thirds of the malware tested. The testers were unable to identify any detection functionality in a total of six products, including Android Antivirus and Android Defender.

The significance of these tests does, however, need to be put into perspective. The 618 malware variants tested were derived from only 20 malware families, including Rooter, Opfake and FakeInst – the headline figure implies a diversity which simply isn't present. It would seem reasonable to assume that the nearly 12,000 samples of malware for Android in AV-Test's zoo are also derived from a far smaller set of malware families.

The anti-virus software tested detects malware primarily through the use of signatures. Users should not expect more sophisticated detection algorithms such as heuristics and behavioural detection. This limits them to protecting against known malware – they cannot hope to protect users against previously unknown malware for which no signatures are available.

Google itself uses heuristic techniques able to detect unknown malware to scan its app store. But with some recent trojans downloading the actual malicious payload from the web after installation, prophylactic detection at the app store level is almost impossible. The resulting hazard is a direct result of the fact that, in contrast to iOS, Android does not require executable code to be digitally signed.

(djwm)