Phone App Flim-Flam

How much do you really know about — and how much should you really trust — the apps that you are downloading and installing on your phone?

Last week I ran across an on-line article with the unnerving headline “Two-thirds of all Android antivirus apps are frauds.” The article reports on testing that was performed by an Austrian group called AV-Comparatives that specializes in testing antivirus products. The group looked at 250 Android antivirus apps that were available on the Google Play Store. It installed the apps on phones, then tried to download malicious software that was in use last year and therefore should be detected by any decent, functioning antivirus app.

The testing found that more than half of the apps didn’t work as advertised. Many didn’t “scan” and analyze the code of the downloaded software at all, and instead just checked the title of the software against “whitelists” and “blacklists.” As a result, some antivirus apps flagged themselves as malware because the developers forgot to include them on the “whitelist” of approved software. In addition, some apps were easily fooled because package names that included references to reputable software creators, like “com.adobe,” were treated as trusted, which let malware slip past the check and be installed without detection.
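A small model of the name-only check described above, next to a check that looks at the file's contents, as an added example that is not from the article or from AV-Comparatives. The package names, lists and file bytes are constructed, and a SHA-256 lookup stands in for real code scanning.

```python
import hashlib

# Constructed data: package names, lists and file bytes are illustrative only.
ALLOW_PREFIXES = ("com.google.", "com.adobe.")   # "trusted" name prefixes
BLOCK_NAMES = {"com.example.knownbad"}
BAD_BYTES = b"constructed-malicious-payload"
KNOWN_BAD_SHA256 = {hashlib.sha256(BAD_BYTES).hexdigest()}


def name_only_verdict(package_name):
    """Flawed design: the verdict depends on the package name alone."""
    if package_name.startswith(ALLOW_PREFIXES):
        return "clean"
    if package_name in BLOCK_NAMES:
        return "flagged: blocklisted"
    return "flagged: not allowlisted"


def content_verdict(apk_bytes):
    """Verdict from the file's contents; a hash lookup stands in for scanning."""
    digest = hashlib.sha256(apk_bytes).hexdigest()
    return "flagged: known-bad content" if digest in KNOWN_BAD_SHA256 else "clean"


SAMPLES = [
    ("com.example.freeav", b"the scanner app's own harmless code"),
    ("com.adobe.reader.update", BAD_BYTES),   # bad content, trusted-looking name
    ("com.example.notes", b"harmless notes app"),
]


def compare(samples=SAMPLES):
    """Return (name, name-only verdict, content verdict) for each sample."""
    return [(n, name_only_verdict(n), content_verdict(b)) for n, b in samples]


if __name__ == "__main__":
    for name, by_name, by_content in compare():
        print(f"{name:26} name-only={by_name:26} content={by_content}")
```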

In all, the Austrian group found that 170 of the 250 antivirus apps failed the basic detection tests and were either ineffective or unsafe.  AV-Comparatives concluded that many of the apps were developed by amateurs or were basically being used as platforms for ads and were not legitimate antivirus protection.

I use an Apple iPhone, so I’m not directly affected by issues with Android antivirus apps, but the testing of the antivirus apps raises a more basic question — how are apps being screened, and how much of what is made available to the general public, on either a free or paid basis, is valid and works as advertised?  And, even worse, is anyone trustworthy actually looking at the apps to see whether they are vehicles for getting access to personal phones for fraudulent purposes?  How does anyone know that the app they are downloading isn’t a technological Trojan horse?
