Well-known testers AV-Test recently looked at free AV apps for Android devices. They used a Samsung GalaxyTab GT-P1010 (Android vs. 2.2.1) as a testbed, testing both on-demand and on-access scanning, and using commercial scanners by F-Secure and Kaspersky for comparison.
The commercial scanners did a lot better in the on-demand scanning tests (more than 50% detected) against 32% by the best-performing free app and 6% and 1% respectively by the 2nd and 3rd ranked apps. Three other scanners scored zero in the on-demand tests. However, AV-Test did note that some scanners (which was not specified) only scan installed apps, which to me says that static testing of inactive products on an SD card is potentially misleading unless you assume that static scanning on removable media is sine qua non. That’s probably a debate for another time.
In the on-access (0n-installation) test, F-Secure and Kaspersky scored 100%. Since the test set was ten of the apps most often diagnosed as malicious by the scanners used by AV-Test for validating its Android sample collection, it would probably be somewhat disappointing if they didn’t. Still, the real shocker here is that while the app that did best in the static test scored 8/10, three of the others only detected 1/10, while the others didn’t detect any.
Here’s food for thought. The app with the largest user base (1- 5 million) scored zero in both tests. Given the steady increase in malicious Android apps (the static test used 172 samples, none more than five months old), it might be time for Android users to consider whether they can afford to use a free AV app, or whether they might at least need to see how well their favoured product does in comparative tests. Andreas Marx told The Register that AV-Test will be running further tests of this sort, and I know that other testing and certification agencies are also looking at mobile security testing.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow