iconimg Thursday, July 30, 2015

Agence France-Presse
December 11, 2012
Android users concerned about potentially dangerous apps still need to use other anti-virus and malware detection software in addition to Google's new service to ensure device security, a report has found.

Xuxian Jiang, an associate professor in the Department of Computer Science at NC State University, tested Google's App Verification service on a Nexus 10 tablet against 1,260 samples of known Android malware and discovered that it was only capable of identifying and preventing the installation of 193 infected apps -- a detection rate of only 15.32 percent.

Google's App Verification Service was introduced on November 15 as a standard feature on Jellybean 4.2, the latest version of the Android operating system, in an effort to address the growing risk of malicious apps appearing on the Google Play store and Android's apparent lack of in-built robust anti-virus and malware protection.

To validate his findings and put them into context, Xuxian Jiang also tested Google's App Verification service against 10 existing third party anti-virus engines using a randomly selected sample of malware from each known malware family.

In this test, Google's service was able to indentify 20.41 percent of threats, while the other anti-virus engines managed between a 51.02-percent and 100-percent detection rate.

In his conclusion, Xuxian Jiang notes, "By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android. However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement."

He also points to Google's recent acquisition of Virus Total, which performed well in the anti-virus comparison tests, and believes that the search giant will eventually add Virus Total functionality to its existing app verification service. However, what is clear is that until the service improves, Android users will need to seek a second opinion about potentially suspect apps, rather than basing their decision solely on Google's current service.