Google App Verification Service Detects Only 15% of Infected Apps 99
ShipLives writes "Researchers have tested Google's app verification service (included in Android 4.2 last month), and found that it performed very poorly at identifying malware in apps. Specifically, the app verification service identified only ~15% of known malware in testing — whereas existing third-party security apps identified between 51% and 100% of known malware in testing."
It's a placebo (Score:3, Funny)
Much like Windows Defender. Or in the case of Window 8, Window Defender.
Re: (Score:1, Insightful)
Re: (Score:1)
No he's merely pointing out that if any story on slashdot appears to cast android/google or FOSS in a bad light, then you can guarantee that the thread will fill up with trolls trying to stop the conversation even getting started.
These are hard core linux fanatics doing this. Don't be fooled
Re: (Score:1)
What malware problem?
The malware problem malware solution vendors are selling solutions to.
The "Researchers" responsible for this claim are/is Xuxian Jiang, head of NQ Mobile Security, "Powerful protection for your phone." http://en.nq.com/ [nq.com].
Traditional malware protection vendors are like buggy-whip polish sellers (made from pure snake oil!). As Windows goes through its death throes, they're dropping off the carcass and looking for a healthy host to hook their parasitic little jaws into..
Hence the spate of Android malware accusa
Re: (Score:1)
windows is fading out of relevance, but never let a lazy microsoft troll poo poo on the bashing of an irrelevant OS!
I wonder what trolls are going to move to in the next year or two?
http://communities-dominate.blogs.com/brands/2012/12/android-won-windows-lost-now-what-the-battle-of-the-century-is-decided-microsoft-relegated-to-ever-s.html [blogs.com]
Re: (Score:1)
Android (linux) is so far ahead of Microsoft and Apple in sales that your trolling is comedy.
Re: (Score:2)
You forgot to count "servers".
Re:It's a placebo (Score:5, Insightful)
What malware problem?
You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the the user clicks "okay"?
That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.
Re: (Score:3)
Well, yes. I expect my computer to just work, I am entitled to that which I paid for. If Android can't just work then I have no reason to leave the Apple ecosystem.
So what will you do when your Apple device doesn't just work?
http://www.forbes.com/sites/adriankingsleyhughes/2012/07/06/first-ios-malware-hits-app-store/
Incorrect use of word "Malware" (Score:2)
So what will you do when your Apple device doesn't just work?
And then you link to a story about ONE app that uploaded an address book somewhere. That was it.
How is that Malware? At best it's spyware. And it wouldn't even be able to do that under iOS6 without asking for permission to access contacts.
Meanwhile probably 25 of Android software is scraping your contacts but who cares about that? It's just expected on Android that most apps will violate you somehow I guess.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
> "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this"
You might not believe me, but this is not a definition of malware. Malware does "mal" with the "ware" you provided.
Re: (Score:2)
What malware problem?
You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the the user clicks "okay"?
That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.
I'm confused. Are you a Windows or Android apologist?
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
He's relating android to MSE which also ranks poorly against the alternatives.
It depends on what you want in your AV. According to the testing firm, MSE scores well in detecting and blocking widespread and recent infections, which in their tests represent over 270,000 samples. MSE scored poorly in detecting zero day exploits, which represented 100 samples. MSE also scored better than average in system impact and false positives. For those that scored higher on detecting malware, you also see higher system impact and false positives. MSE had the lowest system impact of any AV solution
Re: (Score:2)
Meh. I figure you're joking but the decade-old meme is getting, well, old.
As far as the free antivirus solutions go for PC, it's one of the top three fairly consistently on the reviews I've come across. And with Windows 8 - it's automatically installed and running in the background so the n00b end-user we all love to complain about should be less of a vector than usual. This is typically regarded as a good thing for most sane folks.
So yeah, a little more than just a placebo.
the methods are probably patented (Score:1)
chances are that Lookout and others have already patented their methods and google should just use their work for free and then call them patent trolls and how their inventions are totally obvious
Re: (Score:1)
You've got a (fairly-low) 6-digit user ID, yet you're trolling like a common AC. You seem to have some sort of vendetta against Google. Maybe you should just...drop whatever silly little issue it is that you have with them and just get on with life?
Re: (Score:2)
umm, you realize that a ton of troll accounts were created in the 175k-230k UID range, right?
He basically forgot to click the Anon box.
Re: (Score:2)
Actually no, I did not realise that. My own user ID is a good reflection upon when I joined Slashdot. Was there some sort of botting incident or something that happened before then?
Re: (Score:2)
Damn. That explains a lot.
Re: (Score:2)
hahaha :) a ton != all.
No problem here (Score:2)
Whew luckily no problem here, my motorola defy has so much crapware in the rom, almost as bad as a windows PC, that is so out of date that it's all got updates (now wasting twice the memory) that I don't have to worry about "apps" because I have no space to download apps after installing a very basic set of apps (dropbox, kindle reader, tunein radio, evernote, runkeeper, that kind of can't live without it stuff)
Probably google would make a heck of a lot more money forcing mfgrs to make it possible for users
Re: (Score:3, Insightful)
Re: (Score:3)
Because his complaint is really the crap that was in the ROM his provider installed. Not malware.
There are two solutions for this, the first being do some research before buying a smartphone the other being install a ROM that does not include this sort of bloatware.
Re: (Score:2)
Re: (Score:2)
Perhaps you should look in a mirror for who to blame on that purchase? Next time do a little research.
Re: (Score:1)
Awesome. Everyone has to vet their own app purchases. Perhaps read the source code too.
Just like you verify & test the wiring harness in every car you buy, right?
No, it's not a huge fucking redundant waste of time or anything, right?
Re: (Score:2)
Way to not read the GP at all.
He is discussing bloatware that came with his phone, not malware he bought later. Had he bought a device with 4.0+ he could disable it, but that would not get him the space back either. If you are about to tell me about some uninstall updates button and no disable, press that button and you shall receive the disable button.
Typical Stupid AC, if you had some brains maybe you could figure out how to get an account.
False positive rate? (Score:5, Interesting)
I wonder, what's the false positive rate on these "third-party" systems? It's easy to make a system that detects 100% of malware as malware - just deny everything.
Re: (Score:2)
Exactly. And it's not even a rookie mistake, the guy is an assoicate professor, yet there is a whole angle of his research missing. Might be just a rush to get it done before anyone else?
We've known virus scanners don't work since. (Score:3, Insightful)
What? 2000, maybe? More specifically, they're part of the test cases of virus writers, who develop until they are circumvented. Why would anyone imagine they do anything useful?
15% detection rate? (Score:5, Funny)
Re:15% detection rate? (Score:4, Funny)
So be careful not to live next to him, he has already shown he will do it.
Re: (Score:1)
I don't want/need this on my phone. (Score:5, Insightful)
I don't want/need additional bloat on my phone - I don't install random apps, and I'm quite comfortable wiping the phone to update it. Sure, I'll use a scanner if/when I start installing random things, but it's basic online hygene. I don't install random programs on my computer, but I do use a 3rd party antivirus because of all the browsing I do. That isn't something I do on my phone, and when it is, I will take the appropriate precautions.
Re: (Score:1)
I don't want or need it either. I have an iPhone.
Bias? (Score:5, Interesting)
The "researchers" tested the service a few days after it's release, and compared it with other similar apps that had months, if not years time to polish and get up to date?
Will they follow up in 6 months? Doubtful, since the results would put Google near the lead, and this article looks like anti-Google.
What happened to researchers these days? Where's the objectivity?
Re: (Score:1)
The "researchers" tested the service a few days after it's release, and compared it with other similar apps that had months, if not years time to polish and get up to date?
In other words... its functionality was reviewed in a similar manner to iOS Maps?
Re: (Score:1)
Re: (Score:3)
Your premise is wrong. Why should any kind of antivirues algorithm/software be excused for being "new"? You're either capable of detecting malware or you don't release. You aren't supposed to "learn on the job" with malware detection
Re: (Score:2)
Re: (Score:2)
Would you apply this logic to all products and services, including those made by Apple, Sony, and Microsoft? How long should a service be available before a review or study is acceptable?
Or maybe... (Score:5, Insightful)
Re: (Score:1)
115% ? ... because of false positives
Re: (Score:1)
so the "walled garden" has at least one advantage?
But, it's 100% at reporting your apps to Google (Score:2)
n/t
Infected? (Score:2)
Explain. (Score:2)
So who detected the remaining 85% in order to give us this statistic of 15% detection rate? And why isn't that being used instead?
Re:Explain. (Score:5, Informative)
All the samples fed to the various detectors were infected, that's the problem with this "research", they lack a control group.
Actual detection? (Score:3)
Does any of the mentioned "existing third party products" really DETECT malware? Or do they only check apks against lists of manually compiled checksums?
Why "only"? (Score:2)
It detects 15% of malicious apps, which would otherwise go undetected. Thats better than not having this service.
Re: (Score:2)
It detects 15% of malicious apps, which would otherwise go undetected. Thats better than not having this service.
But looking at the alternatives (from TFA) even lowly ClamAV detected 51%, and two of the commercial programs detected 100% of the malware samples (looks like Avast and Symantec).
If you're beaten by ClamAV, well man, that is embarrassing. Oh, and Clam is free as well.
Re: (Score:2)
clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.
Re: (Score:2)
clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.
Users aren't concerned with how it works, only if it works, and to some extent how much it costs. The Google service may actually be harmful by giving a false sense of security to noob users.
Re: (Score:2)
Not really, because it gives users a false sense of security - they belive the apps have been scanner, but they've been scanner rather poorly.
Re: (Score:2)
still better than not scanned.
Re: (Score:2)
Not really.
If you tell users that apps have been scanned, they install them with a [false] sense of security, beliving that the scanning process is protecting them.
If you tell them stuff isn't scanned, they'll probably tend to be slightly more careful (lots will still screw up though).
Re: (Score:2)
Google does not tell its scanning. It just does it, and alerts the user, if its malware-positive. If its negative, the user gets no message at all.