Google's New Android Malware Detector Not Nearly as Effective as 3rd Parties

A study performed by a North Caroline State University associate professor found third-party Android malware detectors to be significantly more effective than Google's new application verification service in Android v4.2 "Jelly Bean."

In November, Google announced the latest version of its Android OS, v 4.2 "Jelly Bean" and detailed a new Android security feature in the OS, called the Android "application verification service." The new feature added another layer of mobile security to Android devices in addition to the Android "Bouncer" features which scans apps installed via the Google Play store for malware but not apps installed using third-party app stores, such as Amazon's Appstore for Android.

Android Application Verification Service Security Malware Effectiveness

The Android application verification service scans all applications as they are installed on users' devices, as long as the users have Google Play on their smartphones or tablets. (Users who don't want to use them can disable the new verification features.) But according to a new study performed by Xuxian Jiang, an associate professor of computer science from North Caroline State University, third-party Android malware detectors can be more than twice as effective as Google's built-in application verification service.

Prof. Jiang ran tests on both the new Android application verification service and 10 more third-party Android malware detectors and found that Google's new security features in Android 4.2 found only 20% of known malware, compared to a range of between 51 percent and 100 percent detection by the third-party services. (The ten third-party services are as follows: Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky, and Kingsoft.)

From a report on the study:

"By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android. However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement. "

I'd say that's an understatement, considering the massive growth in Android malware the market has seen during the past few years. Google does deserve some credit for its attempts to address the problem. But it's apparently not doing a very good job.

AS

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO Nov/Dec 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.