Google Play Protect is 'dead last' at fingering malware on Android

Last month, German software testing laboratory AV-Test threw malware at 20 Android antivirus systems – and now the results aren't particularly great for Google. Its Play Protect system, which is supposed to block malicious apps from running on your handheld, was beaten by every other anti-malware vendor. When exposed to recent …

  1. Anonymous Coward

    Ahn Lab coming first ...

    so maybe I should be less annoyed at my employer forcing the AhnLab V3 security suite onto my computers. Still annoying though.

    Fun fact: Ahn Cheol Soo came third in the last Korean presidential election.

    1. shifty_powers

      Re: Ahn Lab coming first ...

      Nope. They are simply in alphabetical order.

    2. viscount

      Re: Ahn Lab coming first ...

      Do you also think the aardvark is the best animal?

      1. Jeffrey Nonken

        Re: Ahn Lab coming first ...

        Are you saying the aardvark is NOT the best animal?!

        That's nonsense! Aardvarks are aawesome!

        1. Tigra 07

          Re: Ahn Lab coming first ...

          The duck-billed platypus is clearly the best animal... It's like it was made from spare body parts.

  2. Anonymous Coward

    It's a shame the testing didn't do zero-day malware testing as well. It should be possible for any well-connected/well-resourced company to get 100% in known malware detection. Detecting suspicious activity in apps that aren't yet flagged would be even more useful.

    Perhaps the Google product tries to use heuristics rather than signatures to do most of its detecting and that is why it scores low in these tests?

    1. Anonymous Coward

      Agreed. I believe this is where the real strength of Google Play Protect is.

    2. Allan George Dyer

      Perhaps there is a terminology problem. AFAIK, "zero-day" means "not known by security researchers before it was seen in the real world in malicious activity", and is usually only applied to vulnerabilities. Malware writers don't send their creations to security researchers before using them on victims, so all malware in the wild could be described as zero-day, making the category meaningless.

      I'm curious how you would go about doing a comparative test against malicious apps that aren't known to be malicious. If you check the details of AV-Test's Real-World Testing, I think they have a good procedure to present the same current threats to all the software under test simultaneously.

      Using a combination of techniques, including known malware definitions (signatures is a misleading term) and heuristics, is standard across anti-malware developers.

  3. Anonymous Coward

    I've never understood why these tests don't show 100% for every vendor. If a piece of malware is known to the testing lab then why on earth is it not known to the AV vendors? If you're spending money then an AV product with anything less than 100% should *never* be purchased. They'd soon up their game.

    1. Tigra 07

      RE: AC

      Different analysis techniques? How many false positives did these security suites also manage? I was expecting at least a mention.

  4. Anonymous Coward

    Inquiring lazy minds want to know

    Who are the six?

  5. sloshnmosh

    I had suspected this. I have an Android emulator that I install malware-laden apps onto and the silly "Play Protect" never says a word.

    The truth of the matter is most of these so-called "antivirus" Android applications do nothing but scan all your files, videos, music, pictures, network, Bluetooth connections and browsing habits and in some cases your "Whatsapp" messages as well as become Device Administrators sending ALL of that data to their "affiliates".

    The several I have tested are loaded with "analytic" engines and advertising SDKs which sometimes serve up fake virus warnings in the ads.

    2 of the "antivirus" apps I've tested aggregate and graph the user's Facebook "likes" and Twitter #HASHTAGS by stealing the user's access tokens.

    And one well-known and "respected" "antivirus" application had a Java-based SSH (JSch) hidden inside of it and when I questioned the company about its function they lied.

    I've been warning users about these so-called "antivirus" apps for some time and now that Google has silently pushed the same scam onto millions of users without asking or having the ability to remove it I now know Google is complicit.

    1. Matthew 3

      You've tested 'several' and have concluded that 'most of' them do nothing. Care to share your data for peer review, or name the offenders, perhaps?


Biting the hand that feeds IT © 1998–2021