Jiang also found the performance of Google's app verification lagged well behind the performance of 10 representative antivirus apps offered by third-party companies such as Avast, Symantec, and Kaspersky Lab. He did this by picking a pseudo random code sample from each of 49 malware families. Overall, the detection rates of the AV packages was 51 percent to 100 percent, compared with 20 percent for the Google service, which is included with the Google Play app. The scanning service, which examines apps downloaded from Google Play as well as alternate sources, is optional, although it's on by default. Jiang's report didn't rank the specific AV apps or list the detection rates for each one by name.While Google's antivirus solution is pretty poor at present, Jiang expects it will significantly improve if the search giant integrates the technology it recently acquired from free app-scanning website VirusTotal.
A chief reason the app verification service misses so much malware is its reliance on cryptographic hash signatures to identify apps known to be malicious.
"This mechanism is fragile and can be easily bypassed," Jiang wrote. "It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it). To be more effective, additional information about the app may need to be collected. However, how to determine the extra information for collection is still largely unknown—especially given user privacy concerns."
Android 4.2 malware scanner catches just 20 percent of threats
Posted on Tuesday, December 11 2012 @ 15:22 CET by Thomas De Maesschalck