Android antivirus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault

Android users expecting Windows levels of performance from Android-specific antivirus packages are likely to be disappointed because only Google can automatically delete dodgy apps on Android devices, say malware experts. Anti-malware bods agree that antivirus programs on Android can’t remove viruses automatically, meaning …

COMMENTS

This topic is closed for new posts.
  1. Dick Emery

    Who'd-a-thunk it!

    I always had that nagging suspicion AV apps for Android were pretty much useless and uninstalled the first time I tried one (AVG). All they are good for really is remote tracking and possibly wiping your phone (although I found that to be particularly hit or miss upon testing). Other than that they are just a memory hog.

    1. sabroni Silver badge
      Facepalm

      Re: pretty much useless

      Too right. Letting you know you have malware on your phone is pointless if you can't automatically quarantine it. I'd rather let it run if the alternative is having to take some action myself....

    2. Anonymous Coward

      Re: Who'd-a-thunk it!

      And still there are those in denial.

  2. petur
    Go

    Sounds pretty reasonable

    Give the AV guys a way to run outside the sandbox and before you know it the nasties use that trick too... Control is best left to the OS and the user/admin.

    1. Mikel

      Re: Sounds pretty reasonable

      What you are missing is that the AV vendors utterly rely on their customers not being savvy enough to know this. So anybody who can spot the obvious flaw in their claim was never going to be a customer anyway. Think of it like how 419 scammers filter out people who are too smart for them, to save time.

    2. big_D Silver badge
      Facepalm

      Re: Sounds pretty reasonable

      Exactly. Secure design is secure. There shouldn't be any get-outs for AV software. If the AV software can autonomously remove malware, the malware can install or remove other apps as well...

      I'd rather have a good securely designed OS and have to do things manually.

      Just look at the stink the AV companies raised when Vista came along and they couldn't use backdoor methods to run any longer. The whole AV industry pretty much turned into a drama queen fest of bleating hearts. "You can't make the OS secure, that is unfair on us!"

      1. Anonymous Coward

        Re: Sounds pretty reasonable

        Popular OS or software = popular target for attack.

        Windows and Android in the OS department.

        PDF, Java and Flash in the technology department.

  3. benjymous

    Presumably if you give the AV apps the ability to force uninstall other malicious apps, then you're basically also giving malicious apps the ability to force uninstall anything else

    if( user has installed an AV app )
    {
        force uninstall AV app
        display generic looking "Sorry, App not compatible with your device" message
    }

    1. big_D Silver badge

      Exactamondo

  4. Eugene Crosser

    Wait,

    do you mean that on Windows, you allow some third party application to delete your files without asking your permission?!

    And that application is closed source, developed by a Russian company owned by a guy alleged to have ties with Russian secret service? And famous for advocating for compulsory real identity on the Internet?

    Uh-oh...

    1. Buzzword

      Re: Wait,

      On Windows, most of these "apps" are consumed as mere websites.

      This morning my Android device prompted me to update the HungryHouse.co.uk app. It requested an additional permission: get the list of currently running tasks. I cannot fathom why a takeaway ordering website wants to know what tasks I'm running in the background. I'll stick to ordering my food via the website, thank you very much.

      Browsers: the original sandbox.

      1. Dan 55 Silver badge

        Re: Wait,

        To find out how many people have Facebook, how many people have Twitter, what competition is running, and so on.

        You know how the Windows desktop has become a battleground with toolbars, search engines, browsers, antivirus engines, plugins, and so on all fighting for space and unsavvy users clicking yes to install them all, in all probability making the computer unusable? Well, that's what Android is too.

        1. Jes.e

          Re: Wait,

          I want to vote you both up and down.

          What you said about the Windows ecosystem is correct.

          Anything you install in Windows can access anything in your account or anywhere in the system if installed as Administrator.

          The same is not true of Android, there is that whole "permissions" framework which the developer has to ask for.

          However.. most users don't even glance at those when they go to install an app and the developers, even the mainstream ones, ask for completely ridiculous capabilities.

          Recently Google itself updated the Maps application and it wants a new ability to connect and disconnect from Wi-Fi.. As this app seems to already have nearly every permission on the phone already I'm very leery.

          ..And seeing Google just removed the accidentally leaked App Ops which could potentially mitigate against such madness I'm feeling quite frustrated.

          Other than Google provided services, I don't have a single social network application on my Android phone as they want ridiculous capabilities.

          "Manage the accounts on this device", I don't think so!

          DESPITE this, the situation between Android and Windows security models is not at all similar.

          1. Number6

            Re: Wait,

            Other than Google provided services, I don't have a single social network application on my Android phone as they want ridiculous capabilities.

            I have the FB app on mine, mainly because it was pre-installed and I can't remove it, but I partly fixed that by not giving it any information in the first place. However, it's disturbing to find it running occasionally when I look through my list of running processes. I didn't ask it to start.

            1. KjetilS

              Re: Wait,

              @Number6

              You can always block it from ever starting if you disable it in the app manager.

            2. c:\boot.ini

              Re: Wait,

              I have the FB app on mine, mainly because it was pre-installed and I can't remove it, but I partly fixed that by not giving it any information in the first place. However, it's disturbing to find it running occasionally when I look through my list of running processes. I didn't ask it to start.

              What is that crazy OS you are running ? Unbelievable ... you cannot claim fb app is "a vital part of the operating system" ... worse, it starts on its own ?

              So, impossible to uninstall, starts on its own ... let me guess, sounds like Android or Windows ...

          2. Dan 55 Silver badge

            Re: Wait,

            Not at all similar, no, but the end result is the same - if the user doesn't agree to what the app wants then it won't get installed and if you do, it will. Some knowledgeable users might decide not to install, most users will. You might as well call the permission list a shortened EULA.

            There's no Blackberry-style way to go through the permission list and deny certain permissions or Symbian-style question the first time a permission is requested. Both of these are an incentive on the developer to reduce permissions and make their app less annoying. Android's is take it or leave it, but that assumes the user knows what 'it' is.

          3. c:\boot.ini
            Gimp

            Re: Wait,

            And on Android, you usually cannot launch the app if you do not grant it all "required" privs ... on my Blackberry, I can choose which ones to give and still use the app ... ok, some features will be disabled ... ;-)

            I feel sorry for the droid folks ... ;-)

          4. busycoder99

            Re: Wait,

            I agree with most of what you said, but I think you misunderstood the "Manage the accounts on your device" permission. This simply means the app has the ability to add an account/remove its own account into the account manager (like a sync app). It can't access sensitive information (passwords) from accounts created by other applications. Only apps that run on the same processes (meaning released by the same developer) can access each other's sensitive account information.
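The update scenario raised in this sub-thread (an app update asking for one more permission) can be checked before accepting the update by diffing the `uses-permission` entries of the old and new manifests. This is an added example, not part of any commenter's post; the package name, the two manifests and the mapping from the prompts quoted above to manifest permission names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Assumed mapping: manifest permission -> how the thread's commenters described it.
WATCHLIST = {
    "android.permission.GET_TASKS": "list of currently running tasks",
    "android.permission.READ_PHONE_STATE": "phone state and identity",
    "android.permission.MANAGE_ACCOUNTS": "manage the accounts on this device",
    "android.permission.CHANGE_WIFI_STATE": "connect and disconnect from Wi-Fi",
}

# Constructed sample: decoded manifest of the installed version (hypothetical app).
OLD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.takeaway" android:versionCode="41">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Takeaway"/>
</manifest>"""

# Constructed sample: decoded manifest of the offered update.
NEW_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.takeaway" android:versionCode="42">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.GET_TASKS"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <application android:label="Takeaway"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded AndroidManifest.xml requests."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an Android manifest: root element is %r" % root.tag)
    perms = set()
    for element in root.findall("uses-permission"):
        name = element.get(NAME_ATTR)
        if name:  # skip malformed entries that carry no android:name
            perms.add(name.strip())
    return perms


def permission_delta(old_xml, new_xml):
    """Compare two versions of the same package; refuse to diff different apps."""
    old_pkg = ET.fromstring(old_xml).get("package")
    new_pkg = ET.fromstring(new_xml).get("package")
    if old_pkg != new_pkg:
        raise ValueError("package mismatch: %s vs %s" % (old_pkg, new_pkg))
    before = requested_permissions(old_xml)
    after = requested_permissions(new_xml)
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def review_update(old_xml, new_xml):
    """List newly requested permissions; mark those on the watchlist for review."""
    findings = []
    for perm in permission_delta(old_xml, new_xml)["added"]:
        findings.append(
            {"permission": perm, "flagged": perm in WATCHLIST,
             "described_as": WATCHLIST.get(perm, "")}
        )
    return findings


if __name__ == "__main__":
    for finding in review_update(OLD_MANIFEST, NEW_MANIFEST):
        marker = "REVIEW" if finding["flagged"] else "new"
        print("%-6s %s %s" % (marker, finding["permission"], finding["described_as"]))
```
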

    2. Anonymous Coward

      Re: Wait,

      "do you mean that on Windows, you allow some third party application to delete your files without asking your permission?!"

      They are normally quarantined first. You can get them back. At least you can protect the kernel from such a driver in Windows.....in Linux such a driver has to be part of the kernel!

    3. Anonymous Coward

      Re: Wait,

      > developed by a Russian company

      What is your problem with Russian companies? Don't like it? Set one up yourself in the country of your choice.

      And people think the brain-washed twats are the North Koreans. :-(

  5. Anonymous Coward

    Has anyone tried an av app for android, or had malware installed on their device? I'm curious as to what it does, how one knows and if the av software would give enough details as to which app is infected. I like my devices, but some of the apps and their requirements are just bizarre. Why does a simple app need access to my camera, or my contact list, or anything for that matter? And this is not some silly little game app, these are apps from large vendors to make it easier to navigate their store as opposed to web surfing, which we know not all sites are designed for tablets.

    I do like the simplicity of tablets, but I do not trust them or google to protect me

  6. Tom 7

    Windows level of performance

    You have to admit that there has been a considerable amount of testing to achieve that performance level.

  7. MrWibble

    "... but rooted devices usually have other kind of security issues, therefore we wouldn't recommend this step," he explained.

    Go on then, enlighten me, what "other kind of security issues" are there (beside user stupidity)?

    1. Anonymous Coward

      > Go on then, enlighten me, what "other kind of security issues" are there (beside user stupidity)?

      I was going to post exactly the same question. Good thing I read the other comments first.

    2. Anonymous Coward

      "... but rooted devices usually have other kind of security issues, therefore we wouldn't recommend this step," he explained.

      Go on then, enlighten me, what "other kind of security issues" are there (beside user stupidity)?

      <CrazyRumourMode>

      Weeellll... Someone I know wot works for the abuse dept of a major ISP and is a bit of a hobby hacker to complement his line of work, assures me that using Kali Linux it is entirely possible for him to hack into a rooted Android phone via its wifi connection, overload the processor voltage and burn it out, thus physically destroying said phone. Apparently can't be done on unrooted devices.

      In truth I'm never quite sure whether to believe everything he says and I can't be arsed to verify these claims at present because I'm supposed to be doing work, but by all means have a Google yourself and let us know if it's true. Good story either way.

      </CrazyRumourMode>

  8. heyrick Silver badge

    Flip side of the coin...

    ...is allowing random apps the ability to remove other apps. Sure, this would be great for Avast and doubly so if you can get rid of the crap the manufacturer sticks on and won't let you uninstall even if it is flagged as malware... but like many other Android permissions (hello phone state and identity) it would be abused.

    Maybe a workable compromise would be for some sort of API disclosed to known recognised AV companies?

    1. Anonymous Coward

      Re: known recognised AV companies

      Theoretically a good idea, but then FamousLegitAntiVirusNotAHoaxWeSwearGuysWereWhiteHatHaxorzInstallOutAppzGoldenPalace.com would complain and file suits about discrimination and cartels and monopolies and whatnot.

    2. Mr Flibble
      FAIL

      Re: Flip side of the coin...

      “Phone state and identity” is a very good example of one which needs to be split up. Knowing when a phone call is active is one thing; reading the phone nos. and device IDs is entirely separate and usually completely unnecessary.

      Without checking further, I'm quite sure that there are others which should be similarly split.

  9. bazza Silver badge

    Crazy Platform

    This sounds like madness. Not even in the darkest days did Windows XP stop AV software from cleaning up viruses. At least XP allows a modestly competent user to reinstall from scratch if necessary. What on earth do Google think they're doing?

    Except of course the end user isn't dealing with Google, it's "not their problem" (unless it's Nexus). The end user deals with Samsung, Sony, etc or more likely with their network provider. And there's nothing they can do, because actually it all comes from Google.

    Google really seem to be doing their best to totally screw up Android. They're just one big hack away from driving all their customers to another mobile phone platform like iOS, Win phone, etc. And I'm pretty doubtful of Android's ability to resist hacks.

    1. Anonymous Coward

      But also:

      Not even in the darkest days did Windows XP stop viruses from cleaning up AV software.

      1. bazza Silver badge

        Re: But also:

        "Not even in the darkest days did Windows XP stop viruses from cleaning up AV software."

        True enough, but at least that was by mistake. At least I am presuming that it wasn't deliberate on Microsoft's part...

        Android seems designed to make life harder for the AV guys than it is for the malware authors. I just wonder when it will occur to Google that they've a properly bad security problem and that their design is preventing other people from fixing that problem for them. Maybe they don't care, sales are great, but it's not exactly setting themselves up for a glorious long term future, is it?

        Look at the things with major security problems at the moment. Java - who is running that in their browser these days? Adobe reader - so bad that the browser writers are developing their own PDF plugins. Flash - eek! Yahoo has a number of security problems, so people go to Google, Outlook, etc. MS are still around of course, but Apple did very nicely out of OS X's reputation for being more 'secure'.

        In short, people start to drift away from platforms that have feeble security. Google can't afford that. They will actually have to fix it sooner or later.

    2. Andy Nugent

      Re: Crazy Platform

      "At least XP allows a modestly competent user to reinstall from scratch if necessary" - also known as a factory/hard reset on Android (and other smartphone OSs, Symbian had it, Windows Phone has it, etc.).

      1. bazza Silver badge

        Re: Crazy Platform

        "also known as a factory/hard reset on Android (and other smartphone OSs, Symbian had it, Windows Phone has it, etc.)."

        So what? If a factory reset merely results in you having a phone as insecure as it was before, how exactly are you better off, and how exactly do you stop the same nastie getting in?

        At least with a PC or Mac you can reinstall back to clean, get a better AV package and install a load of updates and be more secure than you were before.

        1. c:\boot.ini

          Re: Crazy Platform

          In over 15 years of IT, I have yet to come across a single Mac that needs to be reinstalled because it had a virus ... last time I looked there were 7 viri for Mac OS X vs 300 000 to 2 000 000 for Windows (depends how the vendors count mutations) ... Macs still need av software just in case something bad crawls up one day ... I have personally owned half a dozen, work in a business with plenty of Macs (90% in my team have Macs - we have choice of OS, I use debian)

    3. eulampios

      Re: Crazy Platform

      bazza, you seem to not understand. Android, unlike any version of Windows, isolates apps giving them separate uid's and thus has them running in a sandboxed env. Each uid routinely joins various groups with different permissions. These permissions are also transparent to a user.

      All apps are pretty much equal and cannot have higher privileges over each other. An admin (the user) or root can go over their heads. You cannot simply allow an app on an unrooted system to do just that.

      All those features combined is a good measure against malware already.

      This is why Windows is so vulnerable and helpless against viruses and trojans. MS Windows is the one that is crazy.

      1. bazza Silver badge

        Re: Crazy Platform

        " Android, unlike any version of Windows, isolates apps giving them separate uid's and thus has them running in a sandboxed env. Each uid routinely joins various groups with different permissions. These permissions are also transparent to a user.

        All apps are pretty much equal and cannot have higher privileges over each other. An admin (the user) or root can go over their heads. You cannot simply allow an app on an unrooted system to do just that.

        All those features combined is a good measure against malware already."

        Boring, and useless. Android is riddled with money stealing malware that no-one is doing anything about. If all that guff you've spouted is worth a damn, why are there so many Android nasties doing the rounds?

        It is very obvious that the Android sandbox isn't worth a damn. I don't care if its design is any good or not, the end result is that there's a shed load of Android malware. And yet the sandbox and OS architecture in general is set up to prevent anything (i.e. anti-virus software) doing anything about it. Seems that to have effective protective software the AV guys would have to use the same tricks as the malware guys are using in the first place. That's a simply crazy position for a software ecosystem to be in.

        1. eulampios

          Re: Crazy Platform

          Indeed boring for a Windows-oriented mind. Too much simplicity, order and too little mess, bloat and room for the Microsoft-type creativity.

          Android is riddled with money stealing malware that no-one is doing anything about

          In your dreams and imagination it might be. Android malware are always presented in numbers that are available for download (usually outside of Google Play). No numbers of successfully installed ones are ever given, unlike with MS Windows where we almost always know an estimate for the number of PCs to suffer from a particular malware.

          I don't care if its design is any good or not, the end result is that there's a shed load of Android malware.

          Right, good design is detrimental, let's rewrite the postulates of modern IT... How big is this shed that gets to actually infect?

          (Anti) Virus software is an afterthought, and the result of many Microsoft's blunders, it's not a good idea after all.

          1. sabroni Silver badge
            Meh

            Re: No numbers of successfully installed ones are ever given.

            You say that like it's a good thing. It would be much better if the number was known and it was insignificant. You imply that this lack of knowledge is because the number is small, I hope you're right, I fear you're not.

            1. eulampios

              Re: No numbers of successfully installed ones are ever given.

              "Ei incumbit probatio qui dicit, non qui negat"

              Presumption of innocence, Codex Iustinianus.

              I say it, because, most Android's critics, who deplore the malware affairs almost always insinuate the equity between being available and being installed. I also tell you that, if the latter number were in any way discernible, it would be apparent and much better pronounced in the press and everyday life. We would see it in real action, hearing about complaints, having acquaintances, relatives and friends to tell their funny stories, just like in case with MS Windows of whatever version. Nothing of this happens which implies its insignificance for Android.

          2. freddyeggs

            Re: Crazy Platform

            He is a completely clueless nutcake, please don't feed the TROLL!

        2. Anonymous Coward

          @bazza

          I really hope you are trolling because I can't believe you would get anyone who chooses to visit this site be so technically illiterate.

          There's no way anyone (apart from you) could think that opening up a massive security hole in an OS is a good idea just in case the user ignores the warning message saying "you are about to install a virus, I recommend you do not continue".

          Every app that will cost you money is highlighted quite clearly to you before it does - e.g. phone calls, texts etc. Your choice to allow it.

  10. Alan Denman

    Out of sight out of (your) mind?

    The flip-side of that coin is that where AV is barred you are at the mercy of supreme controller and his skills.

    It may surely happen one day that Apple will be made liable when all them 'forced ignorant' users get stung.

  11. Dave Bell

    Have you considered the implications of this for corporate security? Can a company trust anyone on the outside to delete malware, when it's at least possible that the malware has been installed by the NSA? Can you rely on Google? Or Apple? There is at least a chance that a large company could sponsor something such as Cyanogen and have an Android version that they control.

    And if you're in a critical job, that could mean that your phone is regularly wiped, and reloaded from a secure source. Though if you're being that careful, the way the actual non-Android part of the phone is programmed is pretty scary.

    If you think you might be a target, is there anyone you can rely on?

    1. Chris T Almighty

      "If you think you might be a target, is there anyone you can rely on?"

      Well, no. If you think the NSA are after you, you should probably avoid using a smartphone.

  12. codeusirae
    FAIL

    Android malware becoming a growing nuisance?

    There's no technical protection from some users going to malicious sites and downloading malicious software.

    1. bazza Silver badge

      Re: Android malware becoming a growing nuisance?

      "There's no technical protection from some users going to malicious sites and downloading malicious software."

      Yes there is, it's called an Anti-Virus package that is actually empowered to stop nasty things running in the first place. The problem with Android is that it won't let an AV package do that, and Android doesn't prevent it either.

      Google's whole security set up for Android is terrible. There's no proper update mechanism, there's no means for third party AV software to properly help, Android's security model is seemingly not very effective anyway (why else the malware?), and Google don't seem to be very intent on fixing any of this.

      One might as well don a grass skirt and conduct some sort of shamanistic ritual over one's phone, that would be a security measure as effective as any other...

  13. Anonymous Coward

    @ Bazza

    You need to cut down on the coke, mate.

    I can picture you gnashing your teeth as you wrote all the above nonsense. :-)

  14. Anonymous Coward

    I did some testing...

    Android malware is very real.

    I have a couple of spare Android phones so I intentionally set about infecting one of them with malware. I set up a temp Google account, brand new Gmail account and inserted a PAYG SIM.

    All I can say is I did encounter malware, I could see it doing stuff when packet sniffing my router. Connecting to Russian sites.

    I also left the phone overnight, about 3am I saw it light up and install a few apps itself. I also saw it send a few text messages to some fake contacts I set up in Gmail.

    This was about 2 years ago and I reported it to Google but got no reply.

    The biggest culprit seemed to be screensaver apps at that time. In particular, football club screensavers and live wallpapers.

    I also have a couple of colleagues who were not careful and got hit with something that sent out a load of text messages from their phones. Also one particular colleague whose Android phone emailed a penis enlargement spam email to our boss and pretty much everyone in his contacts.

    Thanks.

    1. Anonymous Coward

      Re: I did some testing...

      Hey, who could argue with top quality evidence like that? And yet Google ignored you. Bastards!

  15. Anonymous Coward
    Facepalm

    News just in:

    Android prevents applications from buggering about with other applications.

    It's called security, you know.

  16. Anonymous Coward

    AntiVirus companies make a fortune.

    I'm pretty sure they have contractors writing the viruses or some scheme where virus authors can submit their virus for a payment.

  17. Mark Eaton-Park

    With regard to android permissions

    It would be nice for Google Play to limit permissions on paid apps to the minimum required for the application's function and on the "free" apps side I would require the authors to specify where the monitoring information is going, especially where this data is leaving the area of data protection provided by your local legislation, supposedly a requirement in the UK.

    That they do not is part and parcel with whom is providing the service, surely it cannot be a surprise to anyone that Google care little for your privacy when they are so forward in pointing out that they make most of their money on advertising revenues.

    As to security issues with jail broken android images, they do exist so long as you don't compile your own image from scratch using drivers direct from the hardware manufacturer. The lack of driver availability is where the problem usually arises especially where the hardware manufacturer has a vested interest in keeping you on their image i.e they are getting a cut from data leaked by the device you paid for.

    So unless you have jail broken your android device and rebuilt it manually from scratch with known good code (ideally some other Linux ) then you should not be trusting it with anything you do not want to see in the wild.
