Google’s Android 4.2 App Verification Service Falls Short Versus Competing Anti-Virus Engines

Early last month, we learned about what Google had in store for its "App Verification Service" that comes bundled with Android 4.2 (Jelly Bean). The concept was simple; the app would gather bits of information about any app you are about to install, send that information to Google's servers, and then send back the a-OK or a red flag. Sounds good in theory, but how does it really fare?

According to researchers at NC State University, not too well. When hit with 49 randomly selected pieces of malware, Google's scanner raised the red flag for only 20.41% of them. This, compared to most other scanners with 90%+ averages - two with 100% (it's not mentioned which ones these were). Clearly, Google's App Verification Service has a little ways to go.

One could say that this isn't much of a surprise, given Google's app-scanning service launched a mere month ago. However, the fact of the matter is, it simply can't be relied-upon too heavily at the current time. With these results, we'd have to imagine that Google's work in building up its database started not too long before launch - further fueled by the fact that the company only just purchased the anti-virus service VirusTotal.

What should be clear though is that Google's service will get better with time. Along with some of the information we discovered last month, the researchers at NCSU discovered that Google's platform works by sending the app name, SHA1 hash, size, version and URL back to its servers. Unlike typical virus scanners, Google's doesn't seem to use heuristics to discover a piece of malware. Instead, it relies on returning specific information about known malware-infested apps. It shouldn't be long before more advanced techniques are employed, given the company's VirusTotal purchase.

If there's one thing that this entire report points out, it's that app-scanning on Android is big business. As seen in the graph above, ten different AV solutions were tested - that's about 8 more than I even knew existed. And with the amount of malware that's listed in the article's tables, it does make one wonder if running an AV solution would be a good idea after all. 

Or, an alternative would be to download through the Google Play Store and exercise caution whenever side-loading something. These practices alone should easily safeguard you from most potential issues.

Tags:  Android, Mobile, security

blog comments powered by Disqus