Are You Using Safe Android Antivirus?

Tread carefully when it comes to Android security products – and never take an app provider’s claims at face value. In light of recent research showing that the majority of antivirus apps are pretty much useless, these messages are more relevant than ever.

Here’s why many antivirus (AV) apps can end up doing you and your phone more harm than good…

Table Of Contents

What the researchers did…

Austrian Antivirus testers, AV-Comparatives took a sample of 250 antivirus security apps by an assortment of developers found on the Google Play Store.

Through the company’s automated Android testing framework, the 250 security products were tested against the 2,000 most common Android threats of 2018 (testing took place in January 2019). As these were established threats, you would expect them to have been indexed, identified and blocked by any antivirus software worthy of the label.

The researchers defined the threshold between a legitimate antivirus app and one that was ineffective or unsafe as the ability to detect more than 30% of threats with zero false positives.

What they found…

For the 250 apps under the spotlight, here’s what was discovered…

Only 80 apps passed the basic test, detecting more than 30% of threats with zero false alarms.

Apps from 138 current vendors failed the test - either because they detected less than 30% of the malware samples, or because they gave a high rate of false alarms.

A further 32 apps had been removed from the Play Store in the time between the testing and publication of the research.

Overall, just 23 apps detected 100% of the malware samples.

A 100% success rate should be the norm

Of the products that failed the test, around half did so because of their low malware detection capabilities.

A benchmark of 30% success rate really isn’t asking a lot. After all, it’s not as if the researchers were expecting the products to pick up on new and previously unseen threats. The 2,000 malware strains used in the research had been present in the wild well before the testing took place - so any antimalware software worth its salt would be able to detect them as a matter of course. As the researchers point out, within these testing conditions, a detection rate of 90% and above should be “easily achievable”.

Beware the false positives

Same products, different packaging

Scroll through the Google Play Store for AV software and it seems as if you are spoiled for choice.

But look a little closer and lots of these apps are in fact remarkably similar to each other. It’s because many of them are put together using the common same white label AV app coding template.

Some products also make use of AV engines from established vendors and rebrand them as their own. You’d expect these variants to perform as well as the originals - but this isn’t always the case. The researchers suggest that this could be due to issues with the use of older engines, variations with internal settings and problems with implementation.

Why build a garbage app?

If it isn’t going to do a decent job, why put your AV app out there?

For some developers, it’s a matter of kudos: an Android AV app looks good as part of your wider product portfolio - even if it isn’t actually any good.

Others are no doubt driven by the same objectives as many other spammy app producers: the chance of picking up a couple of dollars from unsuspecting customers, or else as yet another platform for harvesting data, pushing ads and other content.

​The best antivirus for android mobile

Most of us have a playbook for telling good from bad apps. This usually involves checking the number of downloads and star rating - along with a quick glance at the user comments.

When it comes to Android AV, you need to tread a little more carefully. After all, a 4 or 5 star rating might just mean that the users are not experiencing any performance issues with the software (while, unknown to them, the app is in fact doing little or nothing to block threats). Also, an app might be downloaded many times before the fact that it’s useless comes to light.

Of the 23 apps that came out on top, most were created by well-established companies (the likes of Kaspersky, McAfee and Symantec). So if you are looking for Android AV that actually works, look for evidence of independent effectiveness testing (above and beyond user reviews) - and stick with the names you know.  

For a deeper dive into antivirus and its effectiveness, lack there of and the potential ​security risks of AV. See Volume 4 of The Complete Cyber Security Course.

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Nathan House

    Nathan House is the founder and CEO of StationX. He has over 25 years of experience in cyber security, where he has advised some of the largest companies in the world. Nathan is the author of the popular "The Complete Cyber Security Course", which has been taken by over half a million students in 195 countries. He is the winner of the AI "Cyber Security Educator of the Year 2020" award and finalist for Influencer of the year 2022.

  • RandomProbability says:

    Standard templates is called lazy coding, can be used for teaching Software Development in terms of basic requirements gathering or intro to develop an App, unless the developer has the ability to independently create something revolutionary, yep just stick to devil you know as they say

    • Nathan House Nathan House says:

      They are not using standard templates to create good products. But just to get it out the door. They don’t care about efficacy.

      • Kostas Tsakalidis says:

        Why not both? I do not mean to be their advocate, but I.. asume we have all been there more or less at some point. Pushy / mid level established company, the idea starts as “we will use this.. framework or api or whatever to make a great (web or android really) app” and then they use this to push the app out the door faster, because.. yeh, money.

    • Kostas Tsakalidis says:

      To further enchance what you say, it is not only “unless the developer has the ability to independently create something revolutionary”. When the team is small and the testing is limited, it is actually somewhat safer in terms of zero day vulnerabilities to use other people’s proven good templates. HOW you use them is of an other conversation.

      But I believe that I have created a lot more holes in apps I have written my own from scratch, than in apps I have used parts of others, simply because many holes have been patched by the time I use that template.

  • Erik says:

    In my experience, Bitdefender has been great on every platform that I’ve used it on. Seems to be pretty lightweight, and frequently scores at or near 100% on AV Comparatives.

  • Kenneth says:

    Can we get our hands on that report?? I wanna read it and find out the 23 Apps that passed the test.

  • Nicolas says:

    Great article as always Nathan! Thank you.

  • AE says:

    when I got my phone I was told by the ATT salesman that I don’t need AV on android phones.

  • Lincoln says:

    I have been using Bitdefender. I am not sure if I can use Malware Bytes with Bitdefender. May be Bitdefender does it work without any supplementing app like Malware Bytes.

  • >