Google's Android malware scanner detects only 15 percent of malicious code in test (update)


With Android 4.2, Google has taken steps to address the lingering threat of malware on its mobile platform with a new security tool that quickly crosschecks sideloaded apps for harmful code. But a computer scientist at North Carolina State University has put Google's solution through a thorough test and found that barely 15 percent of malicious samples were properly identified by the scanner. In conducting his test, Xuxian Jiang loaded 1,260 instances of Android malware onto the recently-released Nexus 10 and examined which of those triggered a warning to users. Only 193 of them did so, amounting to a lackluster 15.32-percent detection rate.

Third-party apps work better for now

The subpar performance is particularly surprising since, according to Jiang, Google has been made aware of many of these test samples by members of the research community. The disappointing showing also gives a leg up to third-party apps specializing in virus and malware protection. Until Google's built-in security measures can protect wary users to the same degree as alternatives from the likes of AVG, Dr. Web, and Avast, those apps are likely to remain popular in the Google Play store.

Is malware on Android a real concern?

Of course, whether such apps are necessary to begin with is a matter of heated debate among Android users. For most consumers that download applications exclusively from Google Play, malware is rarely if ever an issue to be concerned with. Still, there have been exceptions. Jiang points out that VirusTotal — recently acquired by Google — exhibited superior detection capabilities compared to Google's built-in scanner. Assuming Google plans to integrate VirusTotal's technology into the core Android OS, the situation could quickly improve in forthcoming software updates.

Update: Google has provided us with a response to Jiang's test results, stating that its malware detection techniques are designed to catch threats users would encounter in actual everyday usage rather than in a test environment.

The Google Play application verification service uses real-world data and multiple detection techniques to protect against Android malware. We go after threats users are most likely to face, rather than just focusing on an AV test set which may not be representative of actual conditions.