If you have always been kind of doubtful about the incredibly huge number of antivirus apps on Google Play Store, then your suspicion might have served your right.
I’m pretty sure we’ve all been through this phase of installing a “know-it-all software”, hoping and trusting that it will keep the annoyance away and still reserve its boundaries of privacy in the process. I would bet some of the users are still doing that.
Well, it does seem that over two-thirds of those apps that happily present themselves on Play Store are straight up fraudulent, leave alone being futile. A European company called AV-Comparatives just published research with the findings of tests done on 250 antivirus applications on Google’s platform.
The study apparently reveals that in the list, only 80 of them passed the site’s basic standards, showing competence at their work by detecting over 30% of around 2,000 venomous apps that AV-Comparatives threw at them.
The remaining about 170 apps showed too much failure to fit the benchmark, misidentified harmless apps as malicious with some of them even flagging themselves. In the short version, those apps suck.
According to the COO of AV-Comparatives, Peter Stelzhammer, the research even came to find bogus apps that labelled themselves as part of antiviruses. “In the times of rogue of antivirus software, you have to be aware of everything”, he added. The research approach must have been pretty easy if you ask since apps that only focus on whitelisting apps tends to block a whole lot of genuine ones.
In this case, the study notes that the antiviruses even forgot to list themselves as genuine, demonstrating huge failures. If you ask me, the common failure is pretty simple; they are not scanning app code and if they do, they are quite shady. That code may actually tend to also whitelist malicious codes that are actually from hackers so long as they cloak themselves in the name of a genuine one.
So why do programmers go through all the trouble of creating broken apps in the name of an anti-virus? To get users’ personal data. Apps like these and basically all antiviruses originally ask for deep permissions which they immediately get.
It does seem like data privacy is something we will always come back to when it comes to software and tech generally. These malicious apps are infamous for just pushing content into a phone and also being used to gather data from the phone. That data ranges from the device’s model, live GPS location, the phone number, online services and any other information up for grabs.
The apps that actually met the authenticity standards are those from security brands familiar to us, names like Kaspersky, AVG, McAfee and Symantec. However, those that failed the test showed a familiar pattern of being created by amateur developers, were cookie-cutter apps or were from companies that really don’t care about security.
With Google being quiet about these finding, it is getting clearer that they have done a bad job in verifying the apps that come into the market. This may also serve as a reminder to users to be careful in what antivirus apps they bring in to their devices. However much it would be slightly possible for Google to verify the genuine apps, they cannot save you in terms of the quality needed to safeguard your phone.