
Sophos detects 100% of Android malware in independent test – for the sixth time in a row

I have some great news for users of Sophos Mobile Security, our Android antivirus and security app. Independent IT security institute AV-Test has awarded Sophos another perfect protection score in a July 2015 test of mobile antivirus applications – the sixth test in a row where we scored 100% detection.

Although we’ve aced this Android security test every time for the past year, this particular test was actually quite different from the previous tests run by AV-Test. And we think the difference is really important.

Prior to the July test, AV-Test used a two-run scan: first an on-demand scan, followed by an on-access scan test. The on-demand test is a bulk scan to see if a security tool detects the entire set of malware files used in the test. The on-access scan involves loading a set of malicious apps on a physical mobile device to see if the antivirus detects the malware when it is installed or run.

In July, AV-Test introduced a new “real-time on-access” test, where all apps were reviewed simultaneously on 40 Android smartphones. In addition to testing vendors’ antivirus apps for their detection of malware discovered in the past four weeks, this new test measures proactive detection of the latest Android zero-day threats in real time.

Since this was the first time the test ran, there is no history to compare to. But we think the new test paints a more accurate picture of how security apps perform in the real world, outside of the labs. For that reason we applaud AV-Test and their continued efforts to improve testing – it’s good for the security industry, helping us to continually improve our products, and so benefits our users as well.

Sophos’s Android antivirus stood up very well in the new test – we were one of only 5 out of 26 vendors with perfect malware detection. Sophos is proud to be among this select group.

Android malware – the threat is real and growing

You may have heard some people arguing that the threat of Android malware is overhyped. For instance, Android’s chief security engineer has claimed that Android users shouldn’t bother with antivirus.

Although the risk of Android malware is considerably smaller than that for Windows, we disagree with those critics (Google included). The Android threat is real, even in Google Play, where malicious apps are discovered from time to time despite Google’s generally good track record of keeping the Android marketplace clean.

Outside of Google Play, where untrusted developers are given a free pass by unscrupulous app markets, it’s a different story. In just the first six months of 2015, SophosLabs has discovered 610,389 new Android malware samples, bringing the total to approximately 1.9 million.

It’s not just malware we need to be concerned about – we’ve seen another 1 million apps that, while not malware in the strictest definition, nevertheless exhibit sketchy behaviors. These apps, which we call potentially unwanted apps (PUA), may also threaten user privacy and security. Many PUAs contain adware, collect user data unnecessarily, or deceive users with phony malware pop-ups and other scammy behavior.

(You can see in the chart above the rapid growth of cumulative samples of Android malware and PUA detected by SophosLabs, January 2013 – June 2015.)

Of course, you shouldn’t rely solely on antivirus to protect your Android devices and the personal data you store and access on them.

As AV-Test’s Hendrik Pilz noted recently, smartphones are a very lucrative target for a cybercriminal – many people are now using their Android devices as a primary way to access their most sensitive data, from private photos to email and their bank accounts.

That’s why Hendrik recommends Android security apps that come with extra features, such as an app adviser that “clearly and succinctly indicates the possible security risks of a new app,” allowing the user to make a well-informed decision before installing an app.

We agree, which is why Sophos Mobile Security goes way beyond antivirus – with a privacy advisor, spam protection against unwanted calls or SMS messages, web protection against malicious websites, added security for sensitive apps, device encryption, parental controls, and anti-theft controls. We offer all of these features in a user-friendly app that’s simple to manage. And it’s completely free on Google Play.

A note on false positives

In AV-Test’s July 2015 malware test, Sophos’s Android security app received a lower score in the Usability category as a result of two false positives that AV-Test said we erroneously flagged as dangerous apps.

We’d like to point out (as we did to AV-Test) that the two samples in question were signed by a developer certificate that has been abused in the past to sign both malware and PUAs. In general, our policy (which mirrors Google’s) is to block any samples that are signed with a certificate that has been associated with malware, as the author can no longer be trusted. By warning users about apps signed with low-reputation developer certificates, we’re helping users make more informed decisions about the risks to their security.

We think our position is sensible and supports a better system where app developers should invest in their reputation. It’s good for users, good for legitimate developers, and bad for malicious app authors or those who deliberately want to play at the edges.

Sophos Mobile Security

Sophos Mobile Security is a free, award-winning Android security app that has been downloaded more than 500,000 times from Google Play. It protects your Android devices from malware with up-to-the-minute intelligence from SophosLabs, without impacting performance or battery life. Other features include a privacy advisor, data and device encryption, and per-app password protection that you can set up for sensitive apps like your email.

It’s also available as an enterprise version you can manage through Sophos Mobile Control, our enterprise mobility management and security product.
