28 Android security apps tested

Summary: [CORRECTION] Applying some of the more than 1.5 million new Android malware samples found this year, independent lab AV-Test compares Android solutions. They also look at usability, impact on system performance and other security features.

TOPICS: Security, Android

Independent test lab AV-Test.org has completed a comparison of 28 Android security apps.


[CORRECTION: An earlier version of this story mistakenly swapped some of the vendor names in the table at the bottom. We apologize.]

The problem of malware on Android is a controversial one: Clearly there is a lot of malware — AV-Test says that in November of this year they received about 6,000 unique samples per day, for a so-far total in 2013 of over 1.5 million — but there isn't as widespread a perception of the need for security products as there is, for instance, on Windows.

The quality of the Android security products tested has gone up from their last evaluation: The average detection rate was 96.6%, over 6% better than the last test. There were only a few false positives, only a few products performed poorly, and 8 products got essentially a perfect score. The detection tests were performed against a set of 2,124 malicious apps.

AV-Test looked at more than just malware detection. Nearly all of the products have some additional security feature like anti-theft, backup and encryption. Their usability tests used the following criteria:

  • Performance: The app does not impact the battery life
  • Performance: The app does not slow down the device during normal usage
  • Performance: The app does not generate too much traffic
  • False warnings during installation of legitimate software from Google Play and their usage
  • False warnings during installation of legitimate software from 3rd party app stores and their usage

Many products have free and paid versions with different features, but the range of feature differences between the free and paid versions is large. Make sure to look at the products carefully if this matters to you.

The non-detection features AV-Test looked for were:

  • Anti-Theft (Remote-Lock / Remote-Wipe / Locate): Locate, Lock or Wipe your device when it is lost or stolen
  • Call Blocker: Block calls from specific or unknown numbers
  • Message Filter: Filter messages and/or mails for unwanted content
  • Safe Browsing: Protection against malicious websites and/or phishing
  • Parental Control: Features to control or observe the activity of children on the device
  • Backup: Personal data can be saved to SD-card or cloud storage
  • Encryption: Any kind of encryption is supported (e.g. device encryption, SD-card encryption or VPN)

AV-Test states that they developed all test criteria in close cooperation with the developers and users of the tools. Vendors were allowed to cross-check the results.

So are there actually real security threats out there for Android users? The people who write security software think there are, and so do the people who write malware.

Below is the complete list of products tested and the main test results:

| Product | Protection (0..6) | Usability (0..6) | Other features? (0/1) | Detection | Total |
|---|---|---|---|---|---|
| avast! Mobile Security version 3.0 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| Avira Free Android Security version 2.1 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| ESET Mobile Security & Antivirus version 2.0 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| Ikarus mobile.security version 1.7 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| Kaspersky Internet Security version 11.2 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| Kingsoft Mobile Security version 3.2 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| Trend Micro Mobile Security version 3.5 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| TrustGo Mobile Security version 1.3 — Google Play | 6 | 6 | 1 | 100.00% | 13 |
| AhnLab V3 Mobile version 2.1 — Google Play | 5.5 | 6 | 1 | 99.76% | 12.5 |
| Anguanjia Security Manager version 4.2 — Google Play | 5.5 | 6 | 1 | 99.44% | 12.5 |
| Bitdefender Mobile Security Antivirus version 1.2 — Google Play | 5.5 | 6 | 1 | 99.91% | 12.5 |
| Comodo Mobile Security version 2.3 — Google Play | 5.5 | 6 | 1 | 99.72% | 12.5 |
| F-Secure Mobile Security version 8.3 — Google Play | 5.5 | 6 | 1 | 99.91% | 12.5 |
| McAfee Mobile Security version 3.1 — Google Play | 5.5 | 6 | 1 | 99.95% | 12.5 |
| NQ Mobile Security version 6.8 — Google Play | 6 | 5.5 | 1 | 100.00% | 12.5 |
| Qihoo 360 Mobile Security version 1.4 — Google Play | 5.5 | 6 | 1 | 99.91% | 12.5 |
| Quick Heal Total Security version 1.01 — Google Play | 5.5 | 6 | 1 | 99.72% | 12.5 |
| Sophos Mobile Security version 3.0 — Google Play | 5.5 | 6 | 1 | 99.91% | 12.5 |
| Webroot SecureAnywhere Mobile version 3.5 — Google Play | 5.5 | 6 | 1 | 99.86% | 12.5 |
| AVG AntiVirus version 3.3 — Google Play | 5.5 | 5.5 | 1 | 99.86% | 12 |
| Symantec Norton Mobile Security version 3.7 — Google Play | 6 | 5 | 1 | 100.00% | 12 |
| Antiy AVL version 2.2 — Google Play | 6 | 5.5 | 0 | 100.00% | 11.5 |
| Tencent Mobile Security Manager version 4.3 — Google Play | 5.5 | 5 | 1 | 99.91% | 11.5 |
| Bornaria Mobile Security version 1.2 — Not on Google Play | 3 | 6 | 1 | 95.34% | 10 |
| G Data Internet Security version 25.0 — Google Play | 6 | 3 | 1 | 100.00% | 10 |
| AegisLab Antivirus Premium version 1.1 — Google Play | 4 | 4 | 1 | 97.55% | 9 |
| Zoner Mobile Security version 1.1 — Google Play | 0 | 6 | 1 | 72.13% | 7 |
| SPAMFighter VIRUSfighter Android version 2.13 — Google Play | 0 | 6 | 0 | 42.33% | 6 |

  • lots may exist but it's about actually getting them

    on your device that's what matters. Tell you what, I'll write an Android malware and give you an apk file in 1 hour, that perhaps spams your contact list.
    There, now there's 1.5million+1 new malwares out there this year. Nothing to do with Android device security. But you'd have to enable sideloading and accept very questionable permissions requests. There aren't many for Apple because there's just no way to sideload them, and Apple scrutinizes them heavily, so, few bother writing malwares. Developers know that it's a nightmare to get an app submitted in general.

    With the abundance of cheap foreign Android phones with no Google Play support, and dubious customizations that may also compromise system security, makes it worth writing a malware. That has nothing to do with me and my Nexus 5.
    • I could say the same thing with my Windows PC

      or Apple MacBook. The malware out there for Windows PC or Apple Mac have nothing to do with me or my systems.

      But the report is not for you or me. It is for a general audience. Take the fact that there is a malware problem whether it is for Windows, Mac, or Android and run with that.
      Ram U
      • you could say

        whatever you want, yet the truth is, that almost EVERY Windows user at one point has a malware annoyance experience. I personally don't know anyone to suffer it on Android.
        So many times it's been pointed out, MS Windows had never ever had any of the file permissions transparency, apps isolation, relatively secure repositories.
        For Windows you can only get AV. However, no afterthought fuzzy scanning software based on empirical algorithms with both high false negative and positive errors can substitute a well-thought design.
        • And the simple truth remains...

          ... Most of those issues were the user's fault.

          The majority of all malware are trojans.

          Permissions can't fix something like this.

          When the "average" person sees a "Print Money Free!" program, they'll see a pop-up warning them if they want to install the program.

          Chances are, they'll ignore it and click "Yes", simply because they truly believe that it'll print money for them.

          You can't cure stupidity, you can only restrict and alleviate it.
          • trojans

            can do less harm if you isolate the apps. If you let a user see what an app can do if it is installed it gives you a nice warning right there. Of course it's much more sure to have secure repositories like those of GNU Linux or *BSD distros -- a really unthinkable luxury in the MS Windows world.
        • LoL

          it seems you went to everybody's machine and got that conclusion. No, I never had issue of malware on my machines at any point, whether it was DOS, Xenix, Unix, Windows, Linux, OSX or BSD. It depends upon two things, user, and his/her activities on the system that brings malware issue. Design or code underneath are not the issues.
          Ram U
          • Ram U

            memento 50 million victims of Loveletter. I even had a privilege to know a few dozen.
          • In a world with a few hundred million Windows machines in use...

            ..50 million is hardly "almost every" user.

            I'm in the same boat as Ram U for what it's worth. Ironically, the closest I've come to personally having a malware infection was on a Mac back in 1998 when I decided to open some Excel documents from work that had a macro virus on them. Even at the height of "security by obscurity", I still had the forethought to keep AV software on my Mac, which took care of that problem pretty quick.

            Regardless of whether it's a virus, a trojan, a worm, or whatever, malware has always been about user diligence in some fashion. It's only been in the last decade when malware on non-Microsoft OS's has become more prevalent that certain flag-waving folk have decided that "trojans" aren't so important because they somehow represent an even bigger lack of diligence on the part of users.

            Truth is, whether I pull a gun and shoot a child, or whether a parent leaves a gun under the bed and a child finds it and shoots himself, the end result is pretty much the same from the point of view of the victim.
          • The hard fact about Microsoft Windows is ...

            ...that OS is itself a malware with NSA-tools preinstalled on it.

            Most secure platforms are FreeBSD (number one) and Linux (number two).

            Those believing that Windows is secure are living in fantasies.
        • you could say

          "whatever you want, yet the truth is, that almost EVERY Windows user at one point has a malware annoyance experience"

          Given Windows goes back like what, 20 years, sure, let's equate someone getting malware on Android yesterday as acceptable, because someone got malware on Windows 10 years ago.

          Nice try at the spin though eulampius, you almost had people forgetting this is about Android's CURRENT malware problem.... ;)
          • Wilkie

            10 years ago, the state of malware things were much more pathetic. Some user apps on XP would require admin permissions, mostly due to messed up implementation. AutoRun and AutoPlay, no classical and practical Unix (execution) permissions were and are not in place, hence you could get infected by simply opening a file, clicking on a link etc.
            Should I continue?
          • 10 years ago...

            ..we were all still using those old-fashioned devices known as "computers" to access the interwebs. We're past that now - this article is about this year and next year, not last decade.
          • Android-security problem is great big MYTH...

            ... or just poor FUD run by Microsoft and Apple. In real life the true danger for internet are Windows-pc - those millions and millions of bot machines.

            People should move to Linux or FreeBSD. Open source is much more secure.
        • @eulampius

          "no afterthought fuzzy scanning software based on empirical algorithms with both high false negative and positive errors can substitute a well-thought design"

          You DO realize that Google uses 'fuzzy scanning' for both apps and Chrome extensions in Google Play, no? And Google also provides, via Google Play, a scanning app for Android versions back to 2.3 (primarily for users that choose to side-load apps).

          And, regarding 'a well-thought design', SEAndroid (SELinux for Android) *finally* made its debut with Android version 4.3, except that the SEAndroid policies were permissive. In any case, SEAndroid is a bolt-on for Android, as was support for multiple user profiles introduced around 4.0 or 4.1.

          Am curious, how many Open Handset Alliance devices with Kit Kat have SEAndroid in enforcing mode? And how complete are the SEAndroid policies? Ditto for the various AOSP-based devices using Kit Kat.

          "For Windows you can only get AV"

          Not true:
          o Sandboxing via Windows integrity levels, since Windows Vista, and 3rd party sandboxing software since Windows XP (and note that Google uses sandboxing capability built into Windows NT to sandbox its Chrome browser on Windows XP)
          o Application whitelisting via Windows Software Restriction Policy, since Windows Vista, and 3rd party applications since Windows 98
          o Reboot-to-restore software via 3rd party apps since Windows XP and via refresh, reset and restore options in Windows 8
          o DEP since Windows XP
          o ASLR since Windows Vista
          o Enhanced DEP/ASLR via Microsoft's EMET for Windows XP forward, though no ASLR support for Windows XP

          Finally, the most important action that users can take to enhance their security is to keep their OS and applications up-to-date. Except, with Android, for both OHA- and AOSP-based, the users often can't keep the OS and default applications up-to-date because most manufacturers and carriers do such a poor job of providing security updates to their devices. And Google's forcing the removal of the CyanogenMod install app from Google Play was a step in the wrong direction as prompt security updates constitute an important CyanogenMod security feature.
          Rabid Howler Monkey
          • @Rabid

            your love of contradiction amazes me sometimes.
            >>o Sandboxing via Windows
            The keywords are "enforcement" and "practicality". You simply cannot install anything on Android without being in a sandbox. Not the case with any version of Windows.
            ASLR was first implemented as a Linux module and first adopted by OpenBSD. Nevertheless, ASLR would usually not prevent you from getting a trojan.

            >>o Reboot-to-restore software via 3rd party
            evidently, not very practical. Third party is an MS term. You are well aware that Linux and *BSD distros got this taken care of much more efficiently. So once again, for MS Windows no reliable, secure and practical software repositories. No centralization and management of both installation and update.

            o No permission transparency.
            So what was your point again?
        • you personally don't know

          recently a fact came out that the torch light app that uses camera flash as torch was collecting all your information even though you declined while installing. This is just this week's example. And in MOBILE world Android is the main target.
          • collects what information

            the length of your penis?
          • probably yours is also collected.

            Sorry I couldn't resist.
            Ram U
          • If that was happening in Windows

            people would be screaming about how insecure Windows is, but somehow mobile operating systems get overlooked by that same level of scrutiny.

            Honestly if you took half of the apps in either Android or Apple store and watched what they were really doing people would be alarmed. If those same apps tried to do the same things in Linux, Windows or OSx they would get flagged as malware and kicked to the curb.

            Why bother trying to hack into a phone when submitting an app to the app store works just as well.
          • 1.5 billion people are using smartphones/tablets now

            and compared them to those 1.6 billion using portables/desktops their security problems are minimum: no "BSOD", few "rebooting cycles", no system chaos - like those pathetic victims of Windows ecosystem of PC.