When Android 4.2 was released, users rejoiced at a particularly welcome set of news: the latest version of our favorite operating system would be the first one to include a built-in anti-malware app scanner.
That’s great, right? Since the Google Play Store is a free-for-all in terms of app verification (app developers can basically upload whatever they want to the store), it’s nice that Google decided to add a little extra protection for its users.
But there’s a big catch to this built-in malware scanner. And that catch is that it doesn’t work. In a recent security study, Android 4.2’s app verification system detected a measly 15% of malicious apps that were being installed on the system. That was out of a group of 1260 malware signatures in total. In other words, Android prevented 193 malicious apps from being installed on the system but allowed another 1067 malicious apps to slip through the cracks.
How the built-in malware scanner works in Android 4.2
When you install the Android 4.2 update on your system, you’ll be greeted with a pop-up notification asking you if you want to verify all installed apps. If you ignore that popup, you can also enable app verification from the Settings > Security menu.
Once you enable that setting, Google will automatically scan every app using cloud-based signature detection. Google gathers important information like the size, name, and SHA1 hash value (whatever that is) of the app. This information gets compared to a regularly-updated database filled with malware threats. If the signature of the installed app matches a signature in the database, the user will be warned and Google will block the app’s installation.
The malware study was conducted by Xuxian Jiang, an Associate Professor at the Department of Computer Science at NC State University. The full detailed report can be found here, but it doesn’t look good for Android 4.2.
That report shows how poorly Android stacks up against other app verification services and antivirus solutions on the market today (although the specific programs are not named in the report):
Yikes! While 15% malware detection is better than 0% malware detection, users should still be on the alert for suspicious apps downloaded from the Google Play Store. Remember: if an app seems too good to be true, it probably is.