Virus Protection

The media is full of reports saying Android malware is exploding and that Android users are at risk. Does this mean you should install an antivirus app on your Android phone or tablet?

While there may be a lot of Android malware in the wild, a look at Android’s protections and studies from antivirus companies reveals that you’re probably safe if you follow some basic precautions.

First, let's look at who the Big Bad Wolf for your little Android riding hood really is:
  • Spyware, the lion's share of Android malware. Just more than half are applications that have deep access and permissions to your system, or which exploit vulnerabilities in Android to gain root access to the device, collect information about the device and the user, and then send it back to the app's developer. Many of those applications masquerade as legitimate ones (like an app that looked so much like the official Netflix app that it was hard to tell the difference).
  • SMS Trojans operate in the background of normal applications, sending SMS messages to premium rate numbers, or numbers that charge you each time an SMS is sent to them. The same way you can send a text message to vote for an outcome on a television show (and conveniently pay the show a fee for sending that message), these trojans send messages to numbers—often international—owned by the attacker. In fact, you don't even notice the unusual behavior until you review your cell phone bill, or check your account to see if there's been recent SMS activity. Of course, by the time you see it, the messages have already been sent, and your account has already been billed. SMS trojans account for just less than half of all Android malware.
Ok. Now we know our enemy. The next useful thing to be aware of is that Android itself has some built-in antivirus features. Before considering whether an antivirus app is useful, it’s important to examine the features Android already has:
  1. Google Play apps are scanned for malware: Google uses a service named Bouncer to automatically scan apps on the Google Play Store for malware. As soon as an app is uploaded, Bouncer checks it and compares it to other known malware, Trojans, and spyware. Every application is run in a simulated environment to see if it will behave maliciously on an actual device. The app’s behavior is compared to the behavior of previous malicious apps to look for red flags. New developer accounts are particularly scrutinized – this is to prevent repeat offenders from creating new accounts.
  2. Google Play can remotely uninstall apps: If you’ve installed an app that is later found to be malicious, Google has the ability to remotely uninstall this app from your phone when it’s pulled from Google Play.
  3. Android 4.2 scans sideloaded apps: While apps on Google Play are checked for malware, apps that are sideloaded (installed from elsewhere) previously were not checked for malware. On Android 4.2, when you first try to sideload an app, you’ll be asked whether you want to verify sideloaded apps are safe. This ensures that all apps on your device are checked for malware.
  4. Android 4.2 blocks premium rate SMS messages: Android 4.2 prevents apps from sending premium-rate SMS messages in the background and alerts you when an app tries to do this. Malware creators use this technique to rack up charges on your cell phone bill and make money for themselves.
  5. Android restricts apps: Android’s permission and sandboxing systems help limit the scope of any malware. Apps can’t sit in the background and watch every keystroke or access protected data, such as your online banking credentials from your bank’s app. Apps must also declare the permissions they require at installation.



Prior to Android 4.2, the majority of Android’s anti-malware features weren’t actually found on Android devices themselves – the protection was found in Google Play. This means that users who download apps from outside the Google Play store and sideload them are more at risk.

A recent study by McAfee found that over 60% of Android malware samples they received were from a single family of malware, known as “FakeInstaller.” FakeInstallers disguise themselves as legitimate apps. They may be available on a web page that pretends to be an official website or on an unofficial, fake Android Market with no protection against malware. Once installed, they send premium-rate SMS text messages in the background, costing you money.

On Android 4.2, the built-in malware protection would hopefully catch a FakeInstaller as soon as it’s sideloaded. Even if it didn’t, Android would alert the user when the app tried to send SMS messages in the background.

On previous versions of Android, you can protect yourself by installing apps from legitimate sources, such as Google Play. A pirated version of a paid app offered on a suspicious website may be stuffed with malware – just like on Windows.

Another recent study by F-Secure, which found that Android malware was exploding, found a scary-sounding 28,398 samples of Android malware in Q3 2012. However, only 146 of these samples came from Google Play – in other words, only 0.5% of malware found was from Google Play. 99.5% came from outside Google Play, particularly on unofficial app stores in other countries where no checking or policing for malware is done.

REMEMBER: The scary numbers are there because of the growth of the platform. Scary shocking news sells AV protection, plain and simple!

Don’t download apps from links or messages

Limit your app downloads to reputable, well-managed app stores. Although there’s no guarantee apps in Google Play, the Amazon Appstore, or other above-board ventures are safe — and, as we saw above, popularity is no guarantee of safety — well-managed stores are less likely to be serving up malware than apps available via direct download. Remember: one way scammers and cybercriminals get people to install malware is by sending links via email or text messaging — it’s particularly effective with children and folks who aren’t technically savvy.

Read those permissions warnings!

When you install an app from Google Play, you’ll be asked whether you want to grant it permission to send SMS or MMS messages, access browser history or bookmarks, or access your contact data. Think carefully about those permissions. Does that casual game need to send text messages? Why does that free disco-party flashlight app need to access your browsing history? If it doesn’t make sense, don’t grant the permissions.

The majority of malware comes from outside the Google Play store. If you only install apps from Google Play, you should be fairly safe – especially if you check the permissions an app requires before you install it. For example, don’t install games that require permissions to send SMS messages. Very few apps (only apps that interact with SMS messages) need this permission to function.
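
The permission check described above can also be done on an APK file before it is installed. The script below is an added example, not part of the original article: it parses text saved from `aapt dump permissions app.apk` and lists the sensitive permissions that the app's purpose does not explain. The SENSITIVE mapping, the capability labels and the sample app are assumptions made for illustration, and the sample output is constructed.

```python
import re

# Permissions the article singles out, mapped to the app capability that
# would justify them. The capability labels are illustrative assumptions.
SENSITIVE = {
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser",
}

# aapt prints "uses-permission: name='X'" (newer builds) or
# "uses-permission: X" (older builds); accept both forms.
_PKG_RE = re.compile(r"^package:\s*(?:name=')?([\w.]+)")
_PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?")

def parse_aapt_permissions(text):
    """Return (package_name, set_of_requested_permissions)."""
    package, perms = None, set()
    for line in text.splitlines():
        line = line.strip()
        m = _PKG_RE.match(line)
        if m:
            package = m.group(1)
            continue
        m = _PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return package, perms

def unjustified_permissions(perms, app_capabilities):
    """Sensitive permissions the app's stated purpose does not explain."""
    return sorted(
        p for p in perms
        if p in SENSITIVE and SENSITIVE[p] not in app_capabilities
    )

# Constructed sample: a flashlight app, mixing both aapt output forms.
SAMPLE = """\
package: com.example.discoflashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: com.android.browser.permission.READ_HISTORY_BOOKMARKS
"""

if __name__ == "__main__":
    pkg, perms = parse_aapt_permissions(SAMPLE)
    # A flashlight has no SMS, contacts or browser feature to justify these.
    for perm in unjustified_permissions(perms, app_capabilities=set()):
        print(f"{pkg}: why does this app need {perm}?")
```
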

If you only install apps from Google Play, you shouldn’t need an antivirus. However, if you regularly sideload apps from outside Google Play, you should probably install an antivirus app just to be safe. Of course, it’s generally best not to sideload suspicious apps in the first place. There are exceptions, such as installing apps from the Amazon Appstore, downloading games you’ve purchased from the Humble Indie Bundle, or installing the Swype keyboard from Swype’s website, but you probably shouldn’t download pirated games from suspicious websites – of course, that’s just common sense.


Since many Android security apps combine anti-theft features with backup and antivirus, it won’t hurt to install them, but a pure antivirus solution might not be so worthwhile. In the future, antivirus on Android may move from a “good to have” feature to a “must have” component. It doesn’t sound like we’re at that point yet. Right now, it depends more on how careful you are.
If you’re wondering about the disadvantages of installing antivirus then it really boils down to three things:

  • cost (which you can avoid with a free option)
  • footprint (it will eat some processing power)
  • false positives (it will occasionally identify legitimate apps as malware)
Mobile Anti-Malware Utilities for Android are Not Perfect, Forget the Same Protection You Get on the Desktop
A chart from AV-Test's report showing the top 17 Android apps for malware detection. Red boxes mean the family of malware went undetected; orange through green indicates partial detection through full detection of the samples in a given malware family. App names are organized alphabetically.
credits: Chris Hoffman, Alan Henry, Seth Rosenblatt
by arawn
Feb 11, 2013