The reason why Google’s malware protection is unreliable

Google has been showcasing its built-in malware protection for Android, Play Protect, this year with the slogan “securing 2 billion users a day.” But according to new research, this couldn’t be further from the truth.

The research, conducted by independent testing organization AV-TEST, found that Google’s Play Protect scanning tool could only detect just over a third of malware samples out of 6,700 total. In other words, 4,000 examples of malware were able to sneak through Google’s own security protection.

  Warning: Malware can empty PayPal accounts

The results were so poor that the researchers warned Android users to install one of the other apps tested by the lab in addition to Google Play Protect. “Current testing indicates that Android users should not rely solely on Play Protect,” the researchers said.

Test 17 Android Apps

The AV-TEST lab put 17 Android security apps through a three-part test, with up to six points awarded for each category. Within this, the protection test gave each security app 6,700 malware apps to detect.

Of all the apps tested, Google Play Protect achieved the worst result by far, with a measly six points overall. In contrast, the best possible score of 18 points was achieved with security applications from Avira, Bitdefender, G Data, Kaspersky, NortonLifeLock, SK Telecom, and Trend Micro.

  New malware on Google Play Store affected more than 1 million users

Meanwhile, the securiON application achieved 17.5 points, while eight other applications achieved 17 and 16 points respectively in the test. The Google Play Protect result is so poor that it does not qualify for the AV-TEST certificate. This documents the proven security of one application, whereas all the other applications in the test did.

Google’s protection for Android also fails on false alarms

It worked in reverse as well. The TEST-AV lab tested a “false alarm” scenario, where a security application will classify something harmless as malware. In testing over 2,000 apps from Google Play and 850 from other sources, Google was also behind the other security apps, falsely marking 30 apps as a threat.

  Cerberus 3.0 – Triple protection for your Android!

“Google’s malware protection rates are really poor. So using a good security app is highly recommended, ”the researchers advise.

Although applications with the maximum score of 18 are paid for with annual license fees, TEST-AV believes that the cost is “worth it to users in exchange for their security.”

Android users are still plagued with problems

Android users face ongoing security issues, so this latest investigation will be yet another blow. In January, Google confirmed a critical flaw affecting Android 8 and 9. Meanwhile, the March Android security update came with more bad news. This time from a critical “rooting” vulnerability that is already being exploited.

  The OnePlus 6 will allow you to hide the notch of your screen

Last year, the problem seemed to get worse, but shortly thereafter Google acted by establishing the App Defense Alliance in collaboration with security companies ESET, Lookout, and Zimperium to help increase security on the Play Store.

That will get even better: Google Android 11 will offer more granular permissions. For its part, a Google campaign to reduce permissions has already impacted 55 billion Play Store installations.

Google says of its Google Play Protect: “All Android applications undergo rigorous security testing before appearing on the Google Play Store. We screen all apps and developers on Google Play, and we suspend those who violate our policies.

  We already have a date. AllThingsD confirms that Apple will introduce the new iPhone on September 12.

“Then Play Protect scans billions of apps daily to make sure everything remains perfect. That way, no matter where you download an app from, you know that Google Play Protect has verified it.

I reached out to Google for further feedback on this story and will update if they respond.

Google Android security: a tip

Android lacks Apple’s walled garden approach. As a user, you must accept that the ecosystem is somewhat fragmented, so you must take additional measures to stay safe.

John Opdenakker, a cybersecurity industry professional, says the test “confirms what we have known for a long time”: Google “does not protect its users from downloading malware-infected applications from its Play Store.”

  Netflix is ​​worth more than Disney, there is a specific reason

He says the test results are “quite shocking. Furthermore, it advises Android users to “do not trust Google’s malware detection capabilities and install a security app.”

In addition to installing additional security applications in addition to Google Play Protect, security researcher Sean Wright advises users to “do your homework” before installing any application: “Don’t install it blindly.”

Ian Thornton-Trump, CISO of Cyjax, agrees: “The key to applications is doing research on them. Google the app, read the reviews, and take a moment and ask why an alpine ski app needs access to your contacts, messages, camera or microphone.

It’s also a good idea to keep your phone clean, and not just with antibacterial wipes. “If you haven’t used an app in the last six months, turn off your phone to reduce its attack surface,” says Thornton-Trump, adding that as an Android user, “you need to keep your phone up to date.”

  Google’s RCS Chat is now expanding to the Samsung Messages app

Android users, you can keep your phone safe, as long as you are proactive about it. Follow the tips I’ve outlined here and make sure you have another security app installed in addition to Google Play Protect.