Android antivirus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault

Android users expecting Windows levels of performance from Android-specific antivirus packages are likely to be disappointed because only Google can automatically delete dodgy apps on Android devices, say malware experts. Anti-malware bods agree that antivirus programs on Android can’t remove viruses automatically, meaning that …

COMMENTS

This topic is closed for new posts.

Who'd-a-thunk it!

I always had that nagging suspicion AV apps for Android were pretty much useless and uninstalled the first time I tried one (AVG). All they are good for really is remote tracking and possibly wiping your phone (although I found that to be particularly hit or miss upon testing). Other than that they are just a memory hog.

6
13
Silver badge
Facepalm

Re: pretty much useless

Too right. Letting you know you have malware on your phone is pointless if you can't automatically quarantine it. I'd rather let it run if the alternative is having to take some action myself....

19
3
Anonymous Coward

Re: Who'd-a-thunk it!

And still there are those in denial.

0
2
Silver badge
Go

Sounds pretty reasonable

Give the AV guys a way to run outside the sandbox and before you know it the nasties use that trick too... Control is best left to the OS and the user/admin.

43
1
Silver badge

Re: Sounds pretty reasonable

What you are missing is that the AV vendors utterly rely on their customers not being savvy enough to know this. So anybody who can spot the obvious flaw in their claim was never going to be a customer anyway. Think of it like how 419 scammers filter out people who are too smart for them, to save time.

7
5
Silver badge
Facepalm

Re: Sounds pretty reasonable

Exactly. Secure design is secure. There shouldn't be any get-outs for AV software. If the AV software can autonomously remove malware, the malware can install or remove other apps as well...

I'd rather have a good securely designed OS and have to do things manually.

Just look at the stink the AV companies raised when Vista came along and they couldn't use backdoor methods to run any longer. The whole AV industry pretty much turned into a drama queen fest of bleating hearts. "You can't make the OS secure, that is unfair on us!"

12
1
Anonymous Coward

Re: Sounds pretty reasonable

Popular OS or software = popular target for attack.

Windows and Android in the OS department.

PDF, Java and Flash in the technology department.

1
1

Presumably if you give the AV apps the ability to force uninstall other malicious apps, then you're basically also giving malicious apps the ability to force uninstall anything else

if( user has installed an AV app )

{

force uninstall AV app

display generic looking "Sorry, App not compatible with your device" message

}

10
1
Silver badge

Exactamondo

0
0

Wait,

do you mean that on Windows, you allow some third party application to delete your files without asking your permission?!

And that application is closed source, developed by a Russian company owned by a guy alleged to have ties with Russian secret service? And famous for advocating for compulsory real identity on the Internet?

Uh-oh...

14
2
Bronze badge

Re: Wait,

On Windows, most of these "apps" are consumed as mere websites.

This morning my Android device prompted me to update the HungryHouse.co.uk app. It requested an additional permission: get the list of currently running tasks. I cannot fathom why a takeaway ordering website wants to know what tasks I'm running in the background. I'll stick to ordering my food via the website, thank you very much.

Browsers: the original sandbox.

19
0
Anonymous Coward

Re: Wait,

"do you mean that on Windows, you allow some third party application to delete your files without asking your permission?!"

They are normally quarantined first. You can get them back. At least you can protect the kernel from such a driver in Windows... in Linux such a driver has to be part of the kernel!

3
12
Silver badge

Re: Wait,

To find out how many people have Facebook, how many people have Twitter, what competition is running, and so on.

You know how the Windows desktop has become a battleground with toolbars, search engines, browsers, antivirus engines, plugins, and so on all fighting for space and unsavvy users clicking yes to install them all, in all probability making the computer unusable? Well, that's what Android is too.

2
3

Re: Wait,

I want to vote you both up and down.

What you said about the Windows ecosystem is correct.

Anything you install in Windows can access anything in your account or anywhere in the system if installed as Administrator.

The same is not true of Android, there is that whole "permissions" framework which the developer has to ask for.

However.. most users don't even glance at those when they go to install an app and the developers, even the mainstream ones, ask for completely ridiculous capabilities.

Recently Google itself updated the Maps application and it wants a new ability to connect and disconnect from Wi-Fi.. As this app seems to already have nearly every permission on the phone already I'm very leery.

..And seeing Google just removed the accidentally leaked App Ops which could potentially mitigate against such madness I'm feeling quite frustrated.

Other than Google provided services, I don't have a single social network application on my Android phone as they want ridiculous capabilities.

"Manage the accounts on this device", I don't think so!

DESPITE this, the situation between Android and Windows security models is not at all similar.

5
0
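Added example, not part of the original comments: the permission creep described in the comments above (a takeaway app update asking for the list of running tasks, a Maps update asking to connect and disconnect from Wi-Fi) can be checked before accepting an update by diffing the `uses-permission` entries of the two versions' manifests. The package name, both manifests and the watch-list descriptions are constructed for illustration, and the manifests are assumed to be already decoded from the APK's binary XML to text.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions raised in this thread. The descriptions are paraphrases
# written for this example, not the exact labels Android displays.
WATCHLIST = {
    "android.permission.GET_TASKS": "list of currently running tasks",
    "android.permission.CHANGE_WIFI_STATE": "connect and disconnect from Wi-Fi",
    "android.permission.MANAGE_ACCOUNTS": "manage the accounts on the device",
    "android.permission.READ_PHONE_STATE": "phone state and identity",
}

# Constructed sample: manifest of the installed version.
OLD_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.takeaway" android:versionCode="41">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

# Constructed sample: manifest of the offered update.
NEW_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.takeaway" android:versionCode="42">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission/>
</manifest>"""


def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:  # skip malformed entries that carry no android:name
            names.add(name.strip())
    return names


def review_update(old_xml, new_xml):
    """Diff two versions' permissions and flag additions on the watch list."""
    old = declared_permissions(old_xml)
    new = declared_permissions(new_xml)
    added = sorted(new - old)
    return {
        "added": added,
        "removed": sorted(old - new),
        "flagged": [(p, WATCHLIST[p]) for p in added if p in WATCHLIST],
    }


if __name__ == "__main__":
    report = review_update(OLD_MANIFEST, NEW_MANIFEST)
    for perm in report["added"]:
        note = WATCHLIST.get(perm, "not on the watch list")
        print(f"NEW  {perm}  ({note})")
    for perm in report["removed"]:
        print(f"GONE {perm}")
```
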
Silver badge

Re: Wait,

Other than Google provided services, I don't have a single social network application on my Android phone as they want ridiculous capabilities.

I have the FB app on mine, mainly because it was pre-installed and I can't remove it, but I partly fixed that by not giving it any information in the first place. However, it's disturbing to find it running occasionally when I look through my list of running processes. I didn't ask it to start.

2
0

Re: Wait,

@Number6

You can always block it from ever starting if you disable it in the app manager.

2
0
Anonymous Coward

Re: Wait,

> developed by a Russian company

What is your problem with Russian companies? Don't like it? Set one up yourself in the country of your choice.

And people think the brain-washed twats are the North Koreans. :-(

2
0
Silver badge

Re: Wait,

Not at all similar, no, but the end result is the same - if the user doesn't agree to what the app wants then it won't get installed and if you do, it will. Some knowledgeable users might decide not to install, most users will. You might as well call the permission list a shortened EULA.

There's no Blackberry-style way to go through the permission list and deny certain permissions or Symbian-style question the first time a permission is requested. Both of these are an incentive on the developer to reduce permissions and make their app less annoying. Android's is take it or leave it, but that assumes the user knows what 'it' is.

4
0
Gimp

Re: Wait,

And on Android, you usually cannot launch the app if you do not grant it all "required" privs ... on my Blackberry, I can choose which ones to give and still use the app ... ok, some features will be disabled ... ;-)

I feel sorry for the droid folks ... ;-)

1
0

Re: Wait,

I have the FB app on mine, mainly because it was pre-installed and I can't remove it, but I partly fixed that by not giving it any information in the first place. However, it's disturbing to find it running occasionally when I look through my list of running processes. I didn't ask it to start.

What is that crazy OS you are running ? Unbelievable ... you cannot claim fb app is "a vital part of the operating system" ... worse, it starts on its own ?

So, impossible to uninstall, starts on its own ... let me guess, sounds like Android or Windows ...

1
1

Re: Wait,

I agree with most of what you said, but I think you misunderstood the "Manage the accounts on your device" permission. This simply means the app has the ability to add an account/remove its own account into the account manager (like a sync app). It can't access sensitive information (passwords) from accounts created by other applications. Only apps that run on the same processes (meaning released by the same developer) can access each other's sensitive account information.

0
1
Bronze badge

Has anyone tried an av app for android, or had malware installed on their device? I'm curious as to what it does, how one knows and if the av software would give enough details as to which app is infected. I like my devices, but some of the apps and their requirements are just bizarre. Why does a simple app need access to my camera, or my contact list, or anything for that matter? And this is not some silly little game app, these are apps from large vendors to make it easier to navigate their store as opposed to web surfing, which we know not all sites are designed for tablets.

I do like the simplicity of tablets, but I do not trust them or google to protect me

4
0
Silver badge

Windows level of performance

You have to admit that there has been a considerable amount of testing to achieve that performance level.

0
0

"... but rooted devices usually have other kind of security issues, therefore we wouldn't recommend this step," he explained.

Go on then, enlighten me, what "other kind of security issues" are there (beside user stupidity)?

10
0
Anonymous Coward

> Go on then, enlighten me, what "other kind of security issues" are there (beside user stupidity)?

I was going to post exactly the same question. Good thing I read the other comments first.

0
0
Anonymous Coward

"... but rooted devices usually have other kind of security issues, therefore we wouldn't recommend this step," he explained.

Go on then, enlighten me, what "other kind of security issues" are there (beside user stupidity)?

<CrazyRumourMode>

Weeellll... Someone I know wot works for the abuse dept of a major ISP and is a bit of a hobby hacker to complement his line of work, assures me that using Kali Linux it is entirely possible for him to hack into a rooted Android phone via its wifi connection, overload the processor voltage and burn it out, thus physically destroying said phone. Apparently can't be done on unrooted devices.

In truth I'm never quite sure whether to believe everything he says and I can't be arsed to verify these claims at present because I'm supposed to be doing work, but by all means have a Google yourself and let us know if it's true. Good story either way.

</CrazyRumourMode>

0
0
Silver badge

Flip side of the coin...

...is allowing random apps the ability to remove other apps. Sure, this would be great for Avast and doubly so if you can get rid of the crap the manufacturer sticks on and won't let you uninstall even if it is flagged as malware... but like many other Android permissions (hello phone state and identity) it would be abused.

Maybe a workable compromise would be for some sort of API disclosed to known recognised AV companies?

0
2
Anonymous Coward

Re: known recognised AV companies

Theoretically a good idea, but then FamousLegitAntiVirusNotAHoaxWeSwearGuysWereWhiteHatHaxorzInstallOutAppzGoldenPalace.com would complain and file suits about discrimination and cartels and monopolies and whatnot.

3
0
FAIL

Re: Flip side of the coin...

“Phone state and identity” is a very good example of one which needs to be split up. Knowing when a phone call is active is one thing; reading the phone nos. and device IDs is entirely separate and usually completely unnecessary.

Without checking further, I'm quite sure that there are others which should be similarly split.

3
0
Bronze badge

Crazy Platform

This sounds like madness. Not even in the darkest days did Windows XP stop AV software from cleaning up viruses. At least XP allows a modestly competent user to reinstall from scratch if necessary. What on earth do Google think they're doing?

Except of course the end user isn't dealing with Google, it's "not their problem" (unless it's Nexus). The end user deals with Samsung, Sony, etc or more likely with their network provider. And there's nothing they can do, because actually it all comes from Google.

Google really seem to be doing their best to totally screw up Android. They're just one big hack away from driving all their customers to another mobile phone platform like iOS, Win phone, etc. And I'm pretty doubtful of Android's ability to resist hacks.

4
15
Anonymous Coward

But also:

Not even in the darkest days did Windows XP stop viruses from cleaning up AV software.

15
0

Re: Crazy Platform

"At least XP allows a modestly competent user to reinstall from scratch if necessary" - also known as a factory/hard reset on Android (and other smartphone OSs, Symbian had it, Windows Phone has it, etc.).

8
0
Bronze badge

Re: Crazy Platform

bazza, you seem to not understand. Android, unlike any version of Windows, isolates apps giving them separate uid's and thus has them running in a sandboxed env. Each uid routinely joins various groups with different permissions. These permissions are also transparent to a user.

All apps are pretty much equal and cannot have higher privileges over each other. An admin (the user) or root can go over their heads. You cannot simply allow an app on an unrooted system to do just that.

All those features combined is a good measure against malware already.

This is why Windows is so vulnerable and helpless against viruses and trojans. MS Windows is the one that is crazy.

10
0
Bronze badge

Re: Crazy Platform

" Android, unlike any version of Windows, isolates apps giving them separate uid's and thus has them running in a sandboxed env. Each uid routinely joins various groups with different permissions. These permissions are also transparent to a user.

All apps are pretty much equal and cannot have higher privileges over each other. An admin (the user) or root can go over their heads. You cannot simply allow an app on an unrooted system to do just that.

All those features combined is a good measure against malware already."

Boring, and useless. Android is riddled with money stealing malware that no-one is doing anything about. If all that guff you've spouted is worth a damn, why are there so many Android nasties doing the rounds?

It is very obvious that the Android sandbox isn't worth a damn. I don't care if its design is any good or not, the end result is that there's a shed load of Android malware. And yet the sandbox and OS architecture in general is set up to prevent anything (i.e. anti-virus software) doing anything about it. Seems that to have effective protective software the AV guys would have to use the same tricks as the malware guys are using in the first place. That's a simply crazy position for a software ecosystem to be in.

1
12
Bronze badge

Re: But also:

"Not even in the darkest days did Windows XP stop viruses from cleaning up AV software."

True enough, but at least that was by mistake. At least I am presuming that it wasn't deliberate on Microsoft's part...

Android seems designed to make life harder for the AV guys than it is for the malware authors. I just wonder when it will occur to Google that they've a properly bad security problem and that their design is preventing other people from fixing that problem for them. Maybe they don't care, sales are great, but it's not exactly setting themselves up for a glorious long term future, is it?

Look at the things with major security problems at the moment. Java - who is running that in their browser these days? Adobe reader - so bad that the browser writers are developing their own PDF plugins. Flash - eek! Yahoo has a number of security problems, so people go to Google, Outlook, etc. MS are still around of course, but Apple did very nicely out of OS X's reputation for being more 'secure'.

In short, people start to drift away from platforms that have feeble security. Google can't afford that. They will actually have to fix it sooner or later.

1
8
Bronze badge

Re: Crazy Platform

"also known as a factory/hard reset on Android (and other smartphone OSs, Symbian had it, Windows Phone has it, etc.)."

So what? If a factory reset merely results in you having a phone as insecure as it was before, how exactly are you better off, and how exactly do you stop the same nastie getting in?

At least with a PC or Mac you can reinstall back to clean, get a better AV package and install a load of updates and be more secure than you were before.

1
8
Bronze badge

Re: Crazy Platform

Indeed boring for a Windows-oriented mind. Too much simplicity, order and too little mess, bloat and room for the Microsoft-type creativity.

Android is riddled with money stealing malware that no-one is doing anything about

In your dreams and imagination it might be. Android malware are always presented in numbers that are available for download (usually outside of Google Play). No numbers of successfully installed ones are ever given, unlike with MS Windows where we almost always know an estimate for the number of PCs to suffer from a particular malware.

I don't care if its design is any good or not, the end result is that there's a shed load of Android malware.

Right, good design is detrimental, let's rewrite the postulates of modern IT... How big is this shed that gets to actually infect?

(Anti) Virus software is an afterthought, and the result of many Microsoft's blunders, it's not a good idea after all.

6
1
Silver badge
Meh

Re: No numbers of successfully installed ones are ever given.

You say that like it's a good thing. It would be much better if the number was known and it was insignificant. You imply that this lack of knowledge is because the number is small, I hope you're right, I fear you're not.

0
4
Bronze badge

Re: No numbers of successfully installed ones are ever given.

"Ei incumbit probatio qui dicit, non qui negat"

Presumption of innocence, Codex Iustinianus.

I say it, because, most Android's critics, who deplore the malware affairs almost always insinuate the equity between being available and being installed. I also tell you that, if the latter number were in any way discernible, it would be apparent and much better pronounced in the press and everyday life. We would see it in real action, hearing about complaints, having acquaintances, relatives and friends to tell their funny stories, just like in case with MS Windows of whatever version. Nothing of this happens which implies its insignificance for Android.

1
0
Anonymous Coward

@bazza

I really hope you are trolling because I can't believe you would get anyone who chooses to visit this site be so technically illiterate.

There's no way anyone (apart from you) could think that opening up a massive security hole in an OS is a good idea just in case the user ignores the warning message saying "you are about to install a virus, I recommend you do not continue".

Every app that will cost you money is highlighted quite clearly to you before it does - e.g. phone calls, texts etc. Your choice to allow it.

4
0

Re: Crazy Platform

In over 15 years of IT, I have yet to come across a single Mac that needs to be reinstalled because it had a virus ... last time I looked there were 7 viri for Mac OS X vs 300 000 to 2 000 000 for Windows (depends how the vendors count mutations) ... Macs still need av software just in case something bad crawls up one day ... I have personally owned half a dozen, work in a business with plenty of Macs (90% in my team have Macs - we have choice of OS, I use debian)

2
0

Re: Crazy Platform

He is a completely clueless nutcake, please don't feed the TROLL!

0
0
Bronze badge

Out of sight out of (your) mind?

The flip-side of that coin is that where AV is barred you are at the mercy of supreme controller and his skills.

It may surely happen one day that Apple will be made liable when all them 'forced ignorant' users get stung.

0
4
Bronze badge

Have you considered the implications of this for corporate security? Can a company trust anyone on the outside to delete malware, when it's at least possible that the malware has been installed by the NSA? Can you rely on Google? Or Apple? There is at least a chance that a large company could sponsor something such as Cyanogen and have an Android version that they control.

And if you're in a critical job, that could mean that your phone is regularly wiped, and reloaded from a secure source. Though if you're being that careful, the way the actual non-Android part of the phone is programmed is pretty scary.

If you think you might be a target, is there anyone you can rely on?

1
0

"If you think you might be a target, is there anyone you can rely on?"

Well, no. If you think the NSA are after you, you should probably avoid using a smartphone.

5
0
Bronze badge
FAIL

Android malware becoming a growing nuisance?

There's no technical protection from some users going to malicious sites and downloading malicious software.

2
0
Bronze badge

Re: Android malware becoming a growing nuisance?

"There's no technical protection from some users going to malicious sites and downloading malicious software."

Yes there is, it's called an Anti-Virus package that is actually empowered to stop nasty things running in the first place. The problem with Android is that it won't let an AV package do that, and Android doesn't prevent it either.

Google's whole security set up for Android is terrible. There's no proper update mechanism, there's no means for third party AV software to properly help, Android's security model is seemingly not very effective anyway (why else the malware?), and Google don't seem to be very intent on fixing any of this.

One might as well don a grass skirt and conduct some sort of shamanistic ritual over one's phone, that would be a security measure as effective as any other...

1
9
Anonymous Coward

@ Bazza

You need to cut down on the coke, mate.

I can picture you gnashing your teeth as you wrote all the above nonsense. :-)

5
1
Anonymous Coward

I did some testing...

Android malware is very real.

I have a couple of spare Android phones so I intentionally set about infecting one of them with malware. I set up a temp Google account, brand new Gmail account and inserted a PAYG SIM.

All I can say is I did encounter malware, I could see it doing stuff when packet sniffing my router. Connecting to Russian sites.

I also left the phone overnight, about 3am I saw it light up and install a few apps itself. I also saw it send a few text messages to some fake contacts I set up in Gmail.

This was about 2 years ago and I reported it to Google but got no reply.

The biggest culprit seemed to be screensaver apps at that time. In particular, football club screensavers and live wallpapers.

I also have a couple of colleagues who were not careful and got hit with something that sent out a load of text messages from their phones. Also one particular colleague whose Android phone emailed a penis enlargement spam email to our boss and pretty much everyone in his contacts.

Thanks.

1
5
