On the Effectiveness of Malware Protection on Android an Evaluation of Android Antivirus Apps

Android is currently the most popular smartphone operating system. However, users feel their private information at threat, facing a rapidly increasing number of malware for Android which significantly exceeds that of other platforms. Antivirus software promises to effectively protect against malware on mobile devices and many products are available for free or at reasonable prices. Their effectiveness is supported by various reports, attesting very high detection rates. However, a more detailed investigation is required in order to understand the real risk level arising from malware for the Android platform. Neither do the exceedingly high numbers of different malware variants reflect the real threat in comparison to other platforms, nor do the results of testing antivirus software against a set of already known malware samples (retrospective tests) provide a clear picture of the capabilities and limitations of antivirus software on the Android platform. The primary objective of this report is thus to help corporate and private users to assess the real risk level imposed by Android malware on the one hand, and the protection level offered by antivirus software on the other hand. For this purpose, we discuss how malware spreads and which limitations antivirus apps are subject to. We then evaluate how well Android antivirus software performs under realworld conditions, as opposed to retrospective detection rate tests. Based on our findings, we give recommendations for private and corporate users and sketch possible future solutions to overcome some of the current issues of antivirus software. For this report, we conducted various tests on several antivirus apps for Android. As we aim to reflect real-world threats better than retrospective tests, in which antivirus software is tested for recognizing known malware samples, our test setup considers the ability to cope with typical malware distribution channels, infection routines, and privilege escalation techniques. We found that it is easy for malware to evade detection by most antivirus apps with only trivial alterations to their package files. In order to test different malware detection techniques, we also used a newly developed proof of concept malware. This proof of concept malware demonstrates advanced functionality which is not present in most of today’s Android malware, and is intended to determine how Android antivirus software will deal with unknown and upcoming malware. Fraunhofer AISEC On the Effectiveness of Malware Protection on Android 2