The malware scanner which comes with Google's latest Android 4.2 Jelly Bean operating system has a detection rate that falls far behind that of third-party anti-virus products, a new study has shown.
Researchers at North Carolina State University who looked at the updated OS for smartphones and tablets said the service needs much improvement before it's considered effective.
The study, titled "An Evaluation of the Application Verification Service in Android 4.2 Antivirus", said anti-virus software needs to have a malware detection rate of more than 80 percent to be considered effective. However, out of more than 1,200 malware samples tested, the Android scanner detected only 193 - a detection rate of only 15.32 percent, the study found.
"By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android," said Xuxian Jiang, Associate Professor in Department of Computer Science at NC State University, who led the study. "However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement."
The in-built Android scanner checks apps downloaded from marketplaces other than Google Play - the official Android app store. The study says that the weakness of the scanner is the limited amount of data the service collects on an app in order to see if it matches malware traits. This data includes the app name, size and version, the URL associated with the app and the SHA1 value - a cryptographic hash function designed by the National Security Agency.
These mechanisms can easily be bypassed by cybercriminals and to make the service more effective Google would need to gather more information, such as uploading the whole app to its server for analysis, Jiang said.
But this would cause unacceptable delays for many Android users as well as raise privacy concerns.
"It really requires a very delicate tradeoff," said Jiang, who suggested Google was erring on the side of caution in gathering user data.
"So far, too little information has been used," he added. "Google has been very cautious in trying to avoid triggering user concerns on privacy."
Most Android users can avoid running into malware simply by only downloading software from Google Play, where each app is vetted by Google before it is made available.
"If the user just buys the phone and never uses any additional apps and never clicks any untrusted links, then likely he will not need any [antivirus] solutions," Jiang said.
© Copyright 2020 Mobile & Apps, All rights reserved. Do not reproduce without permission.most read
more stories from OS / Software
Microsoft has reportedly started talks with HTC to add its Windows OS to the phone maker's Android smartphones and HTC is apparently considering to make a Windows Phone/Android dual-booting smartphone.
ernest hamiltonA bug in Chrome for iOS 7 has caused Google's mobile browser to leak private searches made in 'Incognito' mode.
ernest hamiltonHTC has announced that Sprint has already started to roll out the Android 4.3 update to the HTC One, AT&T and T-Mobile will follow in mid-October, while Verizon will release it by the end of the month.
ernest hamiltonThe new Windows 8.1 has gone up for pre-order on the Microsoft Store, ahead of the official launch on Oct. 18.
ernest hamiltonApple has acknowledged the iOS 7 iMessage issue and promised to provide a fix in an upcoming software update.
ernest hamiltonSamsung Canada and French carrier SFR have confirmed the Android 4.3 Jelly Bean rollout schedule for the Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2.
ernest hamiltonThe unlocked, international HTC One is getting Android 4.3 Jelly Bean now, but the U.S. and Canadian versions will 'slightly miss' the end-September timeframe.
ernest hamiltonThe Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2 are reportedly slated to get Android 4.3 Jelly Bean in the fourth quarter, by year-end.
ernest hamilton