In November, Google announced the latest version of its Android OS, v 4.2 "Jelly Bean" and detailed a new Android security feature in the OS, called the Android "application verification service." The new feature added another layer of mobile security to Android devices in addition to the Android "Bouncer" features which scans apps installed via the Google Play store for malware but not apps installed using third-party app stores, such as Amazon's Appstore for Android.
The Android application verification service scans all applications as they are installed on users' devices, as long as the users have Google Play on their smartphones or tablets. (Users who don't want to use them can disable the new verification features.) But according to a new study performed by Xuxian Jiang, an associate professor of computer science from North Caroline State University, third-party Android malware detectors can be more than twice as effective as Google's built-in application verification service.
Prof. Jiang ran tests on both the new Android application verification service and 10 more third-party Android malware detectors and found that Google's new security features in Android 4.2 found only 20% of known malware, compared to a range of between 51 percent and 100 percent detection by the third-party services. (The ten third-party services are as follows: Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky, and Kingsoft.)
From a report on the study:
"By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android. However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement. "
I'd say that's an understatement, considering the massive growth in Android malware the market has seen during the past few years. Google does deserve some credit for its attempts to address the problem. But it's apparently not doing a very good job.