Android Jelly Bean Malware Scanner Comes Up Short

By Khurram Aziz | Dec 12, 2012 09:55 AM EST

Share This Story

  • Print
  • Email

The malware scanner which comes with Google's latest Android 4.2 Jelly Bean operating system has a detection rate that falls far behind that of third-party anti-virus products, a new study has shown.

Follow us

Researchers at North Carolina State University who looked at the updated OS for smartphones and tablets said the service needs much improvement before it's considered effective.

The study, titled "An Evaluation of the Application Verification Service in Android 4.2 Antivirus", said anti-virus software needs to have a malware detection rate of more than 80 percent to be considered effective. However, out of more than 1,200 malware samples tested, the Android scanner detected only 193 - a detection rate of only 15.32 percent, the study found.

"By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android," said Xuxian Jiang, Associate Professor in Department of Computer Science at NC State University, who led the study. "However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement."

The in-built Android scanner checks apps downloaded from marketplaces other than Google Play - the official Android app store. The study says that the weakness of the scanner is the limited amount of data the service collects on an app in order to see if it matches malware traits. This data includes the app name, size and version, the URL associated with the app and the SHA1 value - a cryptographic hash function designed by the National Security Agency.

These mechanisms can easily be bypassed by cybercriminals and to make the service more effective Google would need to gather more information, such as uploading the whole app to its server for analysis, Jiang said.

But this would cause unacceptable delays for many Android users as well as raise privacy concerns.

"It really requires a very delicate tradeoff," said Jiang, who suggested Google was erring on the side of caution in gathering user data.

"So far, too little information has been used," he added. "Google has been very cautious in trying to avoid triggering user concerns on privacy."

Most Android users can avoid running into malware simply by only downloading software from Google Play, where each app is vetted by Google before it is made available.

"If the user just buys the phone and never uses any additional apps and never clicks any untrusted links, then likely he will not need any [antivirus] solutions," Jiang said.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Ericsson Announces World-Leading Launches Ahead of Mobile World Congress 2014

Join Our Conversation

Smartphones
Shazam for iOSApple to integrate Shazam into iOS 8, allowing users to ask Siri what’s playing?
Sony PlayStation 4 on the rise: Seven million units sold, future update hinted
Amazon’s upcoming 3D smartphone leaks in first images, with more spec details
Google: All Glass spots claimed in Explorer Program after April 15 one-day sale following KitKat update
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Chrome Remote Desktop app for AndroidChrome Remote Desktop for Android now available for free from Google Play
Adobe Lightroom mobile hits the iPad, coming soon to iPhones
Apple updates Mac iWork for iCloud suite – What’s new in Pages, Numbers and Keynote?
Microsoft launches Office for iPad, makes Office Mobile free on Android and iPhones
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps