A test by Xuxian Jiang, a professor of computer science at North Carolina State University, reveals that the effectiveness of Google's new malware scanner for Android is very poor. Google's own solution, which is included with Android 4.2, managed to catch just 193 out of 1260 samples of malicious apps. ARS Technica writes Google's anti-virus tool had an overall detection rate of only 20 percent, whereas other antivirus packages for Android deliver detection rates from 51 percent to 100 percent.
Jiang also found the performance of Google's app verification lagged well behind the performance of 10 representative antivirus apps offered by third-party companies such as Avast, Symantec, and Kaspersky Lab. He did this by picking a pseudo random code sample from each of 49 malware families. Overall, the detection rates of the AV packages was 51 percent to 100 percent, compared with 20 percent for the Google service, which is included with the Google Play app. The scanning service, which examines apps downloaded from Google Play as well as alternate sources, is optional, although it's on by default. Jiang's report didn't rank the specific AV apps or list the detection rates for each one by name.
A chief reason the app verification service misses so much malware is its reliance on cryptographic hash signatures to identify apps known to be malicious.
"This mechanism is fragile and can be easily bypassed," Jiang wrote. "It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it). To be more effective, additional information about the app may need to be collected. However, how to determine the extra information for collection is still largely unknown—especially given user privacy concerns."
While Google's antivirus solution is pretty poor at present, Jiang expects it will significantly improve if the search giant integrates the technology it recently acquired from free app-scanning website VirusTotal.