Does mobile antivirus really work?

Discussion in 'other anti-virus software' started by acr1965, Aug 9, 2015.

  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have been reading on this topic for a while and am getting all sorts of conflicting answers. From the info I come across, the main concern about mobile antivirus programs is that apps downloaded from the Google Play store cannot be scanned on download and once installed cannot interfere with other apps (or be interfered with by an AV) because of the Android sandboxing features. I also read that the only effective scanning of apps by a mobile AV is when the app is side loaded as opposed to downloaded from Google Play. I'm assuming if an app is downloaded from a 3rd party source (not Google Play, Amazon, F-droid) such as directly from a website, the app can be scanned on download although I'm not 100% sure of that.

    I understand that mobile antivirus programs have additional features, such as finding lost phones and wiping data remotely. Those useful features are not the topic of this thread. I only want to know if mobile antivirus programs work or not. Specifically, if a non-rooted phone downloads an app from a repository such as Google Play, will a competent antivirus be able to effectively scan the app on download, install and execution?
     
  2. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    528
    The threat of android malware is real. Here are a few links:
    http://lifehacker.com/5861757/do-android-antivirus-apps-actually-do-anything
    https://www.av-test.org/en/antivirus/mobile-devices/android
    http://www.androidcentral.com/stagefright
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I'm not suggesting android malware isn't real. I'm asking if android antivirus can actually do anything about it. Can a competent android antivirus scan on download from the Google Play store? Or only apps that are side loaded? Can a competent android antivirus scan on install and execution of a program? Or do the sandbox features of the android system effectively prevent this? Can a competent android antivirus monitor installed and/or running programs and stop them if necessary? Is a rooted device needed for an antivirus to work effectively?
     
  4. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    528
    A good security app will not need root and can scan downloaded/installed apps (even when run). I currently use Sophos. Take a look at the av-test link for a list of tested apps. Sophos will scan all files downloaded with a browser as well as play store or sideloaded apps.
     
  5. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Vendors like TrendMicro promote their (Android) Mobile Security App as "Scans every app you have installed and every one you download to filter out virus and malicious apps that can steal your information and cost you money". At this point, I'm not sure if such a feature effectively scans the apps for malicious code or, instead, the AV detects them according to a "blacklist" check.

    I personally don't run any AV on my Android phone.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I think the scan is done after they're installed, at least that appears to be the case for CM Security.
     
  7. m0unds

    m0unds Guest

    AFAIK, Android AV can't uninstall a malicious app after it's installed. It can only prompt you to remove it by way of the standard "uninstall" dialog you see when you remove an app from your device. Some of them can remove files from the filesystem, if you have something malicious on device storage that isn't an app (not talking malicious APKs here). On-access scanning isn't really feasible w/mobile devices that have limited battery life. Most Android AV will scan at install of new apps, referencing a blacklist of "bad apps". Some (Sophos comes to mind) provide web filtering, but that's getting to be redundant as google's own safe browsing service has improved significantly over the last 18 months, often blocking stuff that common PC AV companies don't.

    Regarding remotely exploitable vulnerabilities like stagefright, I don't believe there's much an Android AV could do to help, aside from prompting the user to disable automatic MMS retrieval (and that's assuming there's some way for the app to know whether that setting is toggled and in which apps it is, since any messaging app that can handle MMS would likely be vulnerable).

    Personally, I don't see a point to installing AV on my mobile device. I don't sideload random apks, I don't dabble in app/game piracy (pirated apps are a common source of malicious software on Android devices) and I don't install random sketchy stuff from the play store. Your habits may be different. As for the value added stuff like device location/locking/wiping, that's built into the OS (Android device manager) on newer devices and it's also a component of security policy enforcement if you have corporate mail on your device (Exchange, google apps), so I don't really see much of a point to it anymore either.
     
  8. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    I don't know who's saying that but I know avast! and eset do from personal experience.

    I'd pretty much echo @m0unds' post except to point out that malware can and has made it to the Play store (it's not like they're going to test every app, which is fine) and there are other repositories worth having (F-Droid) as well as some sideloads (Xprivacy/Xposed framework). Still, not much of a concern like a Windows box is.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,250
    All Android antiviruses do scan the apk (installer) file when you download an app from Google Play. Also, they can scan every app you already have installed on your device.
    However, while Android malware does exist, it is only a minor issue. In nearly five years of using Android phones I've never encountered any malware, despite installing many hundreds of apps from Google Play, 3rd party Chinese app stores, and sideloading apps.
     
  10. m0unds

    m0unds Guest

    google is allegedly going to start hand-validating every app submitted to the play store to help address the image that android is like windows in the late 90s/early 00s. i'm not in denial that there has been malicious stuff on the play store, but it's infrequent enough that i'm comfortable not fretting about it.

    i don't touch xposed mostly because i don't want to spend the time i feel would be necessary to validate the safeness of the stuff being given root access to my device.
     
  11. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    Xposed + Xprivacy is the chief reason why I haven't updated to Lollipop: it's that good. I don't have to worry about my info getting leaked and spammed (too many harvesters out there). I don't worry about root access so much as PII/contact info access. Until Google makes permissions permissions rather than all-or-nothing requirements, Xprivacy it is.

    The secondary reason is that, likewise without the framework, I can't customise it and the L UI is terrible. I call it "Android Vista 8 Millennium". Maybe M will be the xp/7 and the essential hacks will be complete by then.

    It's a pretty safe bet that if you're installing something with a good reputation--quantity of users over time or recognition/presence on xda-developers--you have nothing to worry about.
     
  12. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    333
    Xposed works on Lollipop. Using it right now.
     