Android 4.2 Only Catches 15 Percent of Malware
In testing, the operating system's app verification service performed far worse than third-party security applications.
According to North Carolina State University associate professor Xuxian Jiang, the new application verification service that's part of Android 4.2 was only able to detect 193 of 1,260 malware samples in recent testing, a disappointing detection rate of 15.32 percent.
"Jiang also found the performance of Google's app verification lagged well behind the performance of 10 representative antivirus apps offered by third-party companies such as Avast, Symantec, and Kaspersky Lab," writes Ars Technica's Dan Goodin. "He did this by picking a pseudo random code sample from each of 49 malware families. Overall, the detection rates of the AV packages was 51 percent to 100 percent, compared with 20 percent for the Google service, which is included with the Google Play app."
"In his study, Jiang says that the app verification service's reliance on SHA1 cryptographic hashes to identify malware files 'is fragile and can be easily bypassed,'" writes InformationWeek's Thomas Claburn. "Malware authors can simply repackage or alter their files to create different hash values, a fact that had forced the creators of computer security products to look beyond signature-based solutions."
"Jiang further observes that Google has not integrated VirusTotal -- a file-scanning security service which it bought in September -- into the Android platform, but that VirusTotal performed significantly better than the app verification service in Jiang's tests," writes The Register's Neil McAllister.