This article was published on December 10, 2012

Researchers find Android 4.2’s app verification detects only 15% of known malware


Researchers have put the latest release of Android, version 4.2 (Jelly Bean), to the security test, and the results aren’t pretty. Google’s app verification service performed very poorly at identifying malicious apps, detecting only 15.32 percent of known malware, compared to existing third-party security apps, which unsurprisingly fared much better.

The latest data comes from a study performed by Xuxian Jiang, an associate Computer Science professor at NC State University. The experiments, conducted late last month, used a dataset of 1,260 samples (belonging to 49 different malware families) that has been widely shared within the research community, including Google.

The researchers installed the malware on a few of the latest Nexus 10 tablets (16GB) running Android 4.2. Among the 1,260 samples, just 193 of them were detected by Android 4.2.

The researchers also randomly picked a sample from each malware family and tested it with ten representative anti-virus engines (Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky, and Kingsoft). The detection rates of these representative anti-virus engines ranged from 51.02 percent to 100 percent, while the detection rate of Google’s service was 20.41 percent.

For those who don’t know, app verification is an optional feature in the second Jelly Bean release that lets Google verify your apps in order to prevent malware and other harmful software from being installed on your device. As you can see in the two screenshots below, there are two possible scenarios here.

If the app is harmful, Google may warn you not to install it. If it’s really malicious, Google may block the installation completely. App verification is turned on by default, but can be toggled as you like (Settings => Security => Verify apps).

Three months ago, Google acquired VirusTotal. The company announced Android 4.2 less than two months ago and launched it last month, SDK and all.

Unfortunately, it appears there wasn’t enough time to integrate VirusTotal capabilities into Android 4.2. As I pointed out recently, VirusTotal has an Android app, version 1.0 of which was released in June 2012.

The app checks Android applications against VirusTotal’s list of security partners (over 40 antivirus vendors). It informs the user about malware (viruses, trojans, worms) on their device and allows them to upload any unknown applications to VirusTotal.

I keep insisting that Google should work on getting this functionality integrated into Android, if it isn’t already, as it would be a shame to see VirusTotal’s app go to waste. Now there’s some data to back up this push: “From our measurement results, VirusTotal performs much better than this standalone service,” the researchers found. That’s a shocker.

Image credit: Kriss Szkurlatowski
