MythBuster: Do you need Antivirus on Android?

If you’ve been reading the web or browsing through news articles about Android, chances are you’ve come across a number of articles claiming that Android is vulnerable to X attack, Y malware and Z virus. Such articles also claim that you should be afraid because that vulnerability impacts 90% of Android users (or whatever the figure of the day is).

Not all of that is true! Anti-viruses are for those who don’t understand Android’s architecture.
So are these articles misleading? Mostly. Such reports are often exaggerated by various security firms and/or sponsored or promoted by antivirus companies, who have nothing better to do than slow down your priceless phone.

How secure is Android?

To understand this you’ll really have to dig deep into Android’s architecture and design principles.
Android, inherently, is fairly secure. From Android 4.2 onwards, security is pretty robust thanks to SELinux (Security Enhanced Linux, SEAndroid), contributed by the NSA to the Android Open Source Project (AOSP).

Android (since its inception) uses something called sandboxing. It’s like building virtual walls between the territories of apps. One app cannot cross that wall, no matter what. Communication across sandboxes can only happen through system-controlled mechanisms (IPC, Broadcasts, ContentProviders, etc.). All of these are totally secure, and there’s no way an app can affect another one on the Android system.

The Android platform takes advantage of the Linux user-based protection as a means of identifying and isolating application resources. The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process. This approach is different from other operating systems (including the traditional Linux configuration), where multiple applications run with the same user permissions.

This sets up a kernel-level Application Sandbox. The kernel enforces security between applications and the system at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. By default, applications cannot interact with each other and applications have limited access to the operating system. If application A tries to do something malicious like read application B’s data or dial the phone without permission (which is a separate application), then the operating system protects against this because application A does not have the appropriate user privileges. The sandbox is simple, auditable, and based on decades-old UNIX-style user separation of processes and file permissions.
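To make the UID-based sandbox concrete, here is an added example (not code from the original post or from Android itself) that models the Linux discretionary access check the kernel applies when one app’s process touches another app’s files. The UIDs, package names and file modes are constructed for illustration; the last case shows the one caveat worth knowing, that an app can weaken its own sandbox by creating world-readable or world-writable files.

```python
# Added example (not from the original post): a model of the Linux DAC check
# behind Android's per-app UID sandbox. UIDs, paths and modes are constructed;
# Android assigns app UIDs from 10000 upward, which the sample mirrors.
from collections import namedtuple

Proc = namedtuple("Proc", "uid gids")             # a running app process
Inode = namedtuple("Inode", "path owner group mode")

R, W = 4, 2                                       # permission bits we ask for

def can_access(proc, inode, want):
    """Return True if the process may access the inode with the wanted bits.
    Owner bits apply if the UID matches, else group bits, else 'other'."""
    if proc.uid == 0:                             # root bypasses DAC entirely,
        return True                               # which is why rooting apps get flagged
    if proc.uid == inode.owner:
        bits = (inode.mode >> 6) & 0o7
    elif inode.group in proc.gids:
        bits = (inode.mode >> 3) & 0o7
    else:
        bits = inode.mode & 0o7
    return bits & want == want

# Constructed sample: two apps, each running as its own UID.
app_a = Proc(uid=10045, gids={10045})
app_b = Proc(uid=10046, gids={10046})
# App B's private database, created with the default private mode.
b_private = Inode("/data/data/com.example.b/databases/msgs.db", 10046, 10046, 0o600)
# A file App B carelessly created world-readable and world-writable.
b_leaky = Inode("/data/data/com.example.b/files/export.txt", 10046, 10046, 0o666)

def sandbox_report():
    """Summarize which cross-app accesses the UID sandbox permits."""
    return {
        "b reads own db": can_access(app_b, b_private, R),
        "a reads b db": can_access(app_a, b_private, R),
        "a reads b world-readable file": can_access(app_a, b_leaky, R),
        "a writes b world-writable file": can_access(app_a, b_leaky, W),
    }

if __name__ == "__main__":
    for case, ok in sandbox_report().items():
        print(f"{case}: {'allowed' if ok else 'denied'}")
```

The first two cases are the sandbox the post describes; the last two show that the kernel only enforces what each app’s own file modes ask for.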

So is Android OS always this secure? Yes, the system cannot be compromised, but your data can be, when you install malware apps from sources other than the Play Store.

What are these malicious apps? They are apps that do more than they claim to. It could be as simple as a third-party app store (e.g. App genie) that demands far more app permissions than it should. An app store should never need access to your contacts, fine location, calls, SMS, or Google accounts. Because you installed the app after agreeing to those permissions, Android assumes you’re fine with the app using all of them, and such apps will use your private data in whatever way they intend, without you ever knowing it.

What should you do?

Don’t install apps that use permissions they shouldn’t. Google scans all apps published to the Play Store for known malware signatures, but if you find an app asking for more permissions than it needs, don’t install it; use an alternative instead.
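The permission check recommended above and in the malicious-apps paragraph can be done systematically before installing. This added example (not the post’s own tooling) parses a decoded AndroidManifest.xml and flags the sensitive permissions the post names that fall outside what the app’s purpose should need; the manifest and the hypothetical app-store package are constructed for illustration.

```python
# Added example (not from the original post): audit the permissions an app
# requests against the set its stated purpose justifies. In practice the
# manifest comes from the APK (decoded with a tool such as apktool); the one
# embedded here is constructed for a hypothetical third-party app store.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive permissions the post singles out, plus the premium-SMS vector
# behind the "fraudware" category it quotes later.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "fine location",
    "android.permission.CALL_PHONE": "phone calls",
    "android.permission.READ_SMS": "SMS",
    "android.permission.GET_ACCOUNTS": "Google accounts",
    "android.permission.SEND_SMS": "premium SMS (fraudware vector)",
}

# Constructed sample manifest; a real app store needs little beyond INTERNET.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.appstore">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }

def audit(manifest_xml, expected):
    """Return {permission: why it matters} for sensitive permissions the app
    requests beyond the set its purpose should need."""
    unexpected = requested_permissions(manifest_xml) - set(expected)
    return {p: SENSITIVE[p] for p in sorted(unexpected) if p in SENSITIVE}

if __name__ == "__main__":
    flagged = audit(SAMPLE_MANIFEST, {"android.permission.INTERNET"})
    for perm, why in flagged.items():
        print(f"unexpected: {perm} ({why})")
    print("verdict:", "do not install" if flagged else "permissions look reasonable")
```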

99.8% of malware came from outside the Google Play Store. So when you sideload apps or install apps from unknown sources, take utmost care about whom you trust.

What do antiviruses on Android do?

On a Windows PC, an antivirus looks for signatures and behaviors to find malicious activity. However, it’s not possible to scan apps on Android that way, since the antivirus itself cannot cross an app’s sandbox boundary to read other apps. All it can check is which apps are installed or are being installed. It can then alert you if any of those apps has previously been found to be malicious. Where PC antiviruses can detect potential new threats, antiviruses on Android are severely handicapped: unless and until an app has been identified as malicious by the antivirus company, the antivirus will let a misbehaving app go undetected.

Antivirus software on your smartphone works just about the same way as Google’s verification software. According to Google, “if you attempt to install an app from any source while app verification is turned on, your device may send information identifying the app to Google”.
This verification will walk through the whole process in the background, all without getting in the way (unless there’s a major red flag). Google’s anti-malware detector, Bouncer, also regularly scans for any app misbehavior or any activity that should be brought to your attention.

Having both antivirus software and the Play Services app installed is like having two copies of the same app on your phone, both essentially doing redundant work.

So are antiviruses totally useless? Not always. They do have a number of other security features like lost-phone location, reporting malicious websites, call/SMS blocking, firewall (rooted only), etc. But most of these are already handled by Android and various other apps. Android Device Manager locates your lost Android phone, lets you erase it, and more. Similarly, Chrome (the default browser) can detect malicious sites. And there are other dedicated apps which do those tasks better than these feature-rich antiviruses.

Antivirus companies try hard to make their app look attractive by padding its feature list to impress you. You really don’t need those features as long as you have other apps that get those jobs done.

Google’s take on Android Security

Google’s Android security chief Adrian Ludwig reported data showing that less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users. Android, built on an open innovation model, has quietly resisted the locked-down, total-control model spawned by decades of Windows malware. Ludwig spoke today at the Virus Bulletin conference in Berlin because he has the data to dispute the claims of pervasive Android malware threats.

Ludwig sees security in biological terms:

“A walled garden systems approach blocking predators and disease breaks down when rapid growth and evolution creates too much complexity. Android’s innovation from inside and outside Google are continuous, making it impossible to create such a walled garden by locking down Android at the device level.”

Google models its approach on the Center for Disease Control (CDC) rather than on the PC security industry’s antiviruses. “The CDC knows that it’s not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks.”

The problem Google wants to solve is that most independent security researchers don’t have access to a platform such as Google’s to measure how many times a malware app has been installed. They are analogous to human disease researchers without a CDC to measure the size of a disease outbreak and coordinate a response. Security researchers are very good at finding and fixing malware, but in the absence of reliable data that indicate how frequently a malware app has been installed, the threat level can become exaggerated. Reports that reach publication are often extremely exaggerated. To emphasize this point, Ludwig revealed in his analysis that some of the most publicized recent malware discoveries are installed in less than one per million installations.

Google introduced a new feature in 2012 called “Verify Apps”. Verify Apps intervenes when an app is downloaded, compares it to a large database of malware information curated by Google and warns the user if the app is potentially harmful. Verify Apps is also distributed to older Android versions by including it in updates to the Google Play app that is used to download apps from Google’s app store. Checking and blocking apps is enabled by default, so a user has to actively choose to disable it in order to circumvent its protection.

Using Verify Apps, Google collected this data outside of the protected perimeter of the Google Play app store from installations “in the wild” where the incidence of malware is higher.

Almost 40% are “fraudware” apps that drain the user’s smartphone account by making premium telephone calls or sending premium SMS messages.

Another 40% classified as “rooting” apps are labeled as potentially harmful applications by Verify Apps, but they are not considered malicious. Smartphone hobbyists and developers frequently root their devices for many benign reasons such as installing custom Android versions like CyanogenMod or to remove carrier installed apps.

About 15% are commercial spyware, a diverse set of monitoring apps that range from tracking internet behavior to improve advertising to the very malicious keyloggers that collect personal information entered by the user and report it to the malware creator. The 6% balance is a diverse set of mainly malicious apps.

Verdict

If you install all your apps only from Play Store, you’re safe for 99.5% of the cases. You can raise it to 99.9% by spending time on assessing permissions each application uses at the time of install.

If you occasionally install apps from other sources, make sure you have Verify apps enabled (Settings > Security > Verify apps) and thoroughly check the permissions the app requires.

An antivirus will not give you additional security; what it will take away from your device is speed and battery life. You don’t need it if you’re a little careful while installing apps. Live free: Android is the most secure OS out there, and it won’t let you down unless you install apps recklessly.
