Android malware is fastest-growing category in IT (and anti-virus apps barely slow it down)

Two-thirds of Android A/V apps don't detect most malware, which increased by 3,325% last year

There's good news on the mobile-malware front, but only if you're in the mobile malware business: Not only did the number of attacks on mobile devices of all kinds grow by 155 percent compared to 2010, Android, increased the number of its available viruses, Trojans and other malware at the unheard-of rate of 3,325 percent according to a report from Juniper Networks.

German testing lab AV-Test makes the estimate a little more precise, avoiding the question of how to calculate the growth rate in percentages when starting from zero: In January 2011 testers were able to collect almost no malware in the wild that was tailored specifically to Android. By the end of February 2012 the catalog of Android malware apps had grown to nearly 12,000.

More good news (if you write or distribute malware for a living): After testing 41 antivirus/antimalware apps that run on Android, AV-Test concluded that barely a third performed adequately and almost none lived up to the standards most users would expect of a standard antivirus product for PCs.

The best-performing Android antivirus products detected more than 90 percent of the malware AV-Test tried to slip past them – still lower than mid-90-percent and upward rated by the best antivirus products on PCs or Macs.

Best-performing AV apps – >90% success rate: Avast, Dr. Web, F-Secure, Ikarus, Kaspersky, Zoner and Lookout.

Products described by AV-Test as "still very good" detected between 65 percent and 90 percent of the malware present.

Second-best mobile AV apps – 90% to 65% success rate: AegisLab, Super Security, AVG, Bitdefender, ESET, Norton/Symantec, QuickHeal, Trend Micro, Vipre/GFI and Webroot.

The rest don't bear investigation because, even if they're working well on your particular device, they don't work well enough to make any mobile user any safer. Catching between 40 percent and 65 percent of malware attacks is a lot better than catching none of them. But it also brings the success rate down below the margin of error.

So, using one of those apps, if your phone starts speaking in tongues, projectile-vomiting pea soup and rotating its front-facing camera all the way around to face back and keep going until it's facing you again, you still couldn't rely on the antivirus to tell you if the phone was infected or possessed.

Third-tier mobile AV apps – 40% to 65% "success:" Bullguard, Comodo, G Data, McAfee, NetQin and Total Defense.

Among the biggest weaknesses for the worst-performing apps was the ability to scan installed apps and important files rather than all the storage connected in any way to the device. Without scanning SD cards and other storage, AV scans missed malware hidden in malicious APK files (self-installing executables) and waiting for the opportunity to take over.

Even the effective scans varied widely in their ability to pick up specific families of malware, which is important because some families are prevalent in one geographic area and missing completely in others.

So check the table labeled Figure 5 on Page 8 of this PDF of the full report from AV-Test to see which are most effective on the malware in your area.

But, whatever you do, don't download anything. Or click on anything. Or turn on your phone without dunking it in bleach or hot, soapy water first.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

What’s wrong? The new clean desk test
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies