Skip to main content

Two-thirds of Android antivirus apps are frauds

(Image credit: Image Credit: Alok Sharma / Pexels)

A significant proportion of Android antivirus programs are a sham, new research has found.

An investigation by cybersecurity firm AV-Comparatives found many offerings don't work as intended, some don't even try to work as intended, and some are there just for the opposite effect – to bombard the user with ads and malvertising.

It analysed 250 antivirus apps you can find on the Google Play Store for some basic requirements and the vast majority failed. And by 'basic requirements' they mean – being able to detect but a fraction of known virus strains.

So here's what they did. They installed an antivirus on an Android device, then programmed the device to download and run a known virus strain, one which was spotted roughy a year ago. That way, the researchers would test if the app works and if it's being updated at all.

They did this some 2,000 times, for different apps and different viruses.

The results are staggering. Some apps don't analyse the code, just the package name. Some used a whitelist / blacklist approach, and would block apps for just having the 'wrong' name. They would also allow apps for the same reasons.

Some apps would even block themselves, in instances when the devs would forget to whitelist themselves.

Apps that would detect at least 30 per cent of viruses, without false positives, would be considered legitimate, but out of 250 apps that were detected, 170 failed.

It was also said that the majority of these 'antivirus' apps were designed by the same team, which would also sometimes develop mobile games and other utterly unrelated actions.

Image Credit:  Alok Sharma / Pexels