Android antivirus products compared


Summary: [UPDATED] Independent test lab AV-Test compared 30 Android antivirus products. There are some winners and some serious failures. But do you really need any of them?

TOPICS: Android, Security

[Correction: An earlier version of this story listed Symantec Mobile Security, the company's enterprise solution, as one of the products tested. AV-Test in fact tested Norton Mobile Security, the consumer product.]

Independent test lab AV-Test has completed a comparison of 30 antivirus products for Android. The comparison included:

  • AVG AntiVirus Free
  • AegisLab Antivirus Premium
  • AhnLab V3 Mobile 2.0
  • Antiy AVL
  • Armor for Android Armor for Android
  • avast! Mobile Security
  • Bitdefender Mobile Security Antivirus
  • Bornaria Mobile Security
  • Comodo Mobile Security
  • ESET Mobile Security
  • F-Secure Mobile Security
  • G Data MobileSecurity
  • Ikarus Mobile Security
  • Kaspersky Mobile Security
  • Kingsoft Mobile Security
  • Lookout Security & Antivirus
  • McAfee Mobile Security
  • MicroWorld Mobile Security
  • Norton Mobile Security
  • Qihoo 360 Mobile Safe
  • Qihoo 360 Mobile Security
  • Quick Heal Total Security
  • SUVsoft Mobile Security
  • Sophos Mobile Security
  • Tencent Mobile Security Manager
  • Trend Micro Mobile Security
  • TrustGo Mobile Security
  • SPAMfighter VIRUSfighter Android
  • Webroot SecureAnywhere Mobile
  • Zoner Mobile Security

All 30 products were tested in July 2013 on Android 4.2.2. The products scanned 1972 malware samples. 7 of the products detected 100% of the samples. 16 more detected 98% or better. The real problems came for these products:

  • AegisLab Antivirus Premium 63.6%
  • Bornaria Mobile Security 84.6%
  • SPAMfighter VIRUSfighter Android 68.0%
  • Zoner Mobile Security 63.6%

The average detection rate for all products was 95.2% and the median was 99.2%.

AV-Test checked for 3 broadly-defined performance metrics:

  1. The app does not impact the battery life
  2. The app does not slow down the device during normal usage
  3. The app does not generate too much traffic

Early versions of Android anti-malware got a bad reputation on all 3 fronts, but — surprisingly — the only negative mark was on Norton Mobile Security for generating too much traffic.

The comparison also checks the products for certain features:

  • Anti-Theft (Remote-Lock / Remote-Wipe / Locate): Locate, Lock or Wipe your device when it is lost or stolen
  • Call Blocker: Block calls from specific or unknown numbers
  • Message Filter: Filter messages and/or mails for unwanted content
  • Safe Browsing: Protection against malicious websites and/or phishing
  • Parental Control: Features to control or observe the activity of children on the device
  • Backup: Personal data can be saved to SD-card or cloud storage
  • Encryption: Any kind of encryption is supported (e.g. device encryption, SD-card encryption or VPN)

No products had all of the listed features. Several had none of them: Antiy AVL, Bornaria Mobile Security, Qihoo 360 Mobile Security and SPAMfighter VIRUSfighter Android.

Adding up points for detection, performance and features, 3 products got the maximum score in AV-Test's rankings: Bitdefender Mobile Security Antivirus, Kaspersky Mobile Security and Qihoo 360 Mobile Safe. 

  • There Are No Android Viruses

    Windows gets viruses just from turning it on. Linux doesn't.
    • Wrong

      There is nothing preventing anyone from developing malware for ANY operating system, including Linux, except lack of interest by criminals due to dismal market share - it pays much more to devote efforts and resources to Windows, as it is the leader in the desktop segment. As recently reported by ZDnet, malware for desktop Linux (Hand of Thief) is already being offered in the underworld market.

      With about 70% of the current mobile market, Android is a natural target, and there are *tens of thousands* of known malware types for Android, coming through infected apps, malicious URLs and several other vectors. This is long known and acknowledged.
      • hypothesizing much?

        >>except lack of interest by criminals due to dismal market share
        Your theory without much thought, since there are other markets, like servers, where GNU/Linux has a pretty conspicuous presence. It's not hard to also find many inconsistencies in your theory. Say, on MS Windows infection would very often occur by means of opening an email attachment or document, clicking on a "bad" URL, inserting a media (AutoRun) etc. We heard that was happening not because of the poor design and decisions of the OS, but because of Windows popularity. Android now is as popular as Windows. Where did you hear about any of those infection vectors on Android?

        >>Android is a natural target, *tens of thousands* of known malware types for Android
        You're confusing *availability* and *infection* rate, which is not the same thing. Like it was noted before, Android malware is installed by users outside of Google Play and/or when a user doesn't pay a proper enough attention to the permissions warning prior to installation.
        >>malicious URLs and several other vectors.
        These are your own made-up vectors.
        • Linux is very much present on servers!

          But you neglect to say that the majority of those breaches, hacked, and drive by infected/compromised servers are Linux serving up those Windows infections. You do know the Linux kernel main distribution servers were compromised two years ago and they "claim" the hackers got in but did nothing?

          It seems no one reads from Kaspersky, scrolls down to their OS at the bottom of the home page, and actually reads the successful attacks on all of them and third party software as well.

          A reminder to not feed the trolls. Even the ones who use your OS.
      • Funny, I've been with ZDNet since 2005...

        ...and no one has ever been able to tell me how I can get my Linux infected in all that time and I have over 500 posts. I've asked doubters many, many times, but never any replies.
        • Correction: Google Gmail since 2005, ZDNet since 2006.

          It currently shows 473, but it was over 500, I posted on some of Ed Bott's articles, and well, you know. They were deleted.
    • Oh.....

      Just grow up little child.
  • I tried Avast

    didn't like it. ALL I want out of an antivirus app is something I can open, scan my device with, quarantine and delete files if anything is found, then shut it down. What I don't want is a power hog app that wants to run constantly in the background, which is exactly what all these apps are.
    • Battery Hogs? Not necessarily.

      Avast isn't even listed in the top 10 for battery use on my phone. But I'm seriously beginning to wonder if an antivirus program is really necessary on Android especially with the additional security features in Android 4.3.
      • even if it uses no battery

        it's obtrusive and obnoxious
        • update

          after looking at the list I tried Qihoo 360 security. By default it's obtrusive like Avast, but unlike Avast it lets you turn those features off and I can use it to scan, then close it when I'm done. Exactly what I wanted.
  • no need for AV on Android

    It makes sense if an OS gives up its own responsibility to protect itself and users to some fishy applications, aka AV. I know one such OS: MS Windows.

    Better use your good judgement before installing an app by looking at its permissions. Don't install outside of Google Play. Now with the advent of SELinux integration there might be even more flexibility with a lot more options to it.
    • eulampius: "SELinux integration"

      As of Android 4.3, SELinux is in permissive mode by default and one must root the device, download additional source code and recompile the Linux kernel in order to be able to create SELinux policies and set SELinux to enforcing mode. Samsung, with their forthcoming KNOX solution for the enterprise, is targeting enterprise mobile admins with the ability to create SELinux policies and set SELinux to enforcing.

      It remains to be seen what options will be available to consumer users of Android. I suspect that rooting one's Android device will be necessary if an individual wants to tweak SELinux on their Android device.

      What I'd like to see, eventually, are GUI-based SELinux options for individual users that allow toggling between permissive and enforcing mode as well as selecting two levels of security (e.g., low, high) under enforcing mode. [The original AppArmor team at Novell (now Attachmate SUSE) developed a very nice GUI for AppArmor that is accessible inside YaST. IMO, this is still too complicated for ordinary openSUSE/SLED desktop users.]
      Rabid Howler Monkey
      • Re: download additional source code and recompile the Linux kernel

        As opposed to ... what do you do to enable the equivalent of SELinux on iOS or Windows, again?
        • My understanding is that iOS (and OS X) incorporate elements of TrustedBSD

          "TrustedBSD Mandatory Access Control (MAC) Framework

          Elements of TrustedBSD are implemented on iOS/OS X as a kernel extension, seatbelt.kext, and there are policies just like with Linux Security Modules (SELinux uses 'policies', while AppArmor and Tomoyo use 'profiles'). More here:

          And I believe that most iOS users jailbreaking their devices (iPhone, iPad, iPod Touch) do so in order to escape various restrictions imposed by Apple such as the sandbox and various app policies we are discussing. [Many also jailbreak to get root access to iOS and install apps from outside of Apple's app store.] Whereas with Android (as of version 4.3), users must root their devices, assuming that Android version 4.3 is installed on them, in order to create SELinux policies and enforce them.

          @ldo17, your hatred of operating systems that are not Linux-based is tiresome.

          P.S. I'll leave it to a Windows fan to cover similar features for Windows Phone 8 and Windows RT.
          Rabid Howler Monkey
      • No one gets infected with Linux, security is part of the kernel.

        It's just a non-issue. This article is an obvious attempt to influence newcomers, to make them believe AV is somehow necessary on Linux.

        My other post details using Google Public DNS to alleviate social engineering threats from phishing sites, probably the best protection out there aside from using the Netcraft toolbar. Possibly Google DNS is better given Google's extensive resources.
        • i.e. Viruses are for Windows. When will these people actually try Linux?

          And try to get themselves infected without ever using any AV.

          In some ways it's a sales gimmick, trying to spin off the Microsoft Paradigm that AV is a necessary part of computing?

          Aside from Phishing and jailbreaking, which are totally out of the control of the OS, there aren't any problems with Android.
  • All that comparison and no results matrix?

    Why do all that if you aren't going to show us how they match up against each other? Let's see the matrix of products versus criteria. I use Lookout, but this article does not allow me to see how it compares with other products. What a waste!
    • All that comparison and no results matrix?

      But he does provide the link to the AV-Test site that did the test. I'd guess the results are copyrighted, so he can't include them here. Here's the direct link to the results.
      On the other hand, whoever made up the title of the article (commonly not the author), asked the question "But do you really need any of them?" for which I don't see any answer.
  • Take this comparative study by AV-Test for what it is

    If you choose to enable the installation of apps from unknown sources (a bad idea, IMO) on your Android device, having an anti-virus product from one of the top three performers installed on your device is a reasonable thing to do.

    The top three performers from this latest round of testing:

    o Bitdefender Mobile Security Antivirus
    o Kaspersky Mobile Security
    o Qihoo 360 Mobile Safe

    Kudos to AV-Test and all of the Android anti-virus vendors that submitted their products for testing. Pity that Google's Bouncer and Verify apps for Google Play couldn't somehow be evaluated as well.
    Rabid Howler Monkey