Forgot your password?
typodupeerror
Android Google Security IT

Google App Verification Service Detects Only 15% of Infected Apps 99

Posted by samzenpus
from the low-expectations dept.
ShipLives writes "Researchers have tested Google's app verification service (included in Android 4.2 last month), and found that it performed very poorly at identifying malware in apps. Specifically, the app verification service identified only ~15% of known malware in testing — whereas existing third-party security apps identified between 51% and 100% of known malware in testing."
This discussion has been archived. No new comments can be posted.

Google App Verification Service Detects Only 15% of Infected Apps

Comments Filter:
  • by Shaman (1148) <shaman@kosQUOTE.net minus punct> on Monday December 10, 2012 @11:20AM (#42242409) Homepage

    Much like Windows Defender. Or in the case of Window 8, Window Defender.

    • Re: (Score:1, Insightful)

      by Anonymous Coward
      First post bashes Windows 8 in completely unrelated story, modded +5 Funny already... yup, this is Slashdot. Looks like no one wants to talk about the malware problem on android, so let's bash Windows 8 instead!
      • by poetmatt (793785)

        windows is fading out of relevance, but never let a lazy microsoft troll poo poo on the bashing of an irrelevant OS!

        I wonder what trolls are going to move to in the next year or two?

        http://communities-dominate.blogs.com/brands/2012/12/android-won-windows-lost-now-what-the-battle-of-the-century-is-decided-microsoft-relegated-to-ever-s.html [blogs.com]

      • Re:It's a placebo (Score:5, Insightful)

        by Anonymous Coward on Monday December 10, 2012 @12:18PM (#42242969)

        What malware problem?

        You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the the user clicks "okay"?

        That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.

        • Except there are valid reasons to enable the ability to get external software until google builds in access to amazon and other sources. Also it naive to assume just because it is in google's store that it's safe and thanks to vague security warnings and an all or nothing approach google teaches uses to disregard safety.
          • by CastrTroy (595695)
            It's ok to sideload stuff from Amazon, and other markets, but that doesn't mean it shouldn't raise some red flags when the app asks for permissions it doesn't need. Also, if You're download a 99 cent app from a warez site, you are a cheapskate, and are almost asking to get conned. That's less than a cup of coffee, or a chocolate bar at most places.
            • Apparently you missed the submission last night with the guy complaining about an app costing something like $3. Not that I'm a skin flint but most people are when it comes to mobile software which is no surprise. if you buy some budget range Android phone (which I suspect are the majority of Android phones sold) then you're not exactly the sort to splash out cash on apps.
        • by mapkinase (958129)

          > "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this"

          You might not believe me, but this is not a definition of malware. Malware does "mal" with the "ware" you provided.

        • What malware problem?

          You mean the "problem" where a user downloads an .apk from a warez site, sideloads it into their phone, the phone tells them "hey, this program is requesting permission to look at everything on your phone's internal storage, send information to who-knows-what internet server, and make phone calls and send SMS messages on your dime, are you sure you want to go through with installing this" and the the user clicks "okay"?

          That "problem"? I'm not seeing the issue, here. I mean, at some point it becomes the user's fault.

          I'm confused. Are you a Windows or Android apologist?

        • by mutified (2792691)
          So, you believe that since someone is stupid they deserve to have their possession stolen? This is important because I know you're not the smartest guy and therefore you deserve the same thing. Good Luck with that attitude.
      • Except he has a point. He's relating android to MSE which also ranks poorly against the alternatives. The problem is people will trust the freebie from google (or MS) because they assume they would do everything to protect their software which is untrue if they're giving it away for free.
        • by Anonymous Coward

          He's relating android to MSE which also ranks poorly against the alternatives.

          It depends on what you want in your AV. According to the testing firm, MSE scores well in detecting and blocking widespread and recent infections, which in their tests represent over 270,000 samples. MSE scored poorly in detecting zero day exploits, which represented 100 samples. MSE also scored better than average in system impact and false positives. For those that scored higher on detecting malware, you also see higher system impact and false positives. MSE had the lowest system impact of any AV solution

    • by Xacid (560407)

      Meh. I figure you're joking but the decade-old meme is getting, well, old.

      As far as the free antivirus solutions go for PC, it's one of the top three fairly consistently on the reviews I've come across. And with Windows 8 - it's automatically installed and running in the background so the n00b end-user we all love to complain about should be less of a vector than usual. This is typically regarded as a good thing for most sane folks.

      So yeah, a little more than just a placebo.

  • chances are that Lookout and others have already patented their methods and google should just use their work for free and then call them patent trolls and how their inventions are totally obvious

    • by neokushan (932374)

      You've got a (fairly-low) 6-digit user ID, yet you're trolling like a common AC. You seem to have some sort of vendetta against Google. Maybe you should just...drop whatever silly little issue it is that you have with them and just get on with life?

      • by poetmatt (793785)

        umm, you realize that a ton of troll accounts were created in the 175k-230k UID range, right?

        He basically forgot to click the Anon box.

  • Whew luckily no problem here, my motorola defy has so much crapware in the rom, almost as bad as a windows PC, that is so out of date that it's all got updates (now wasting twice the memory) that I don't have to worry about "apps" because I have no space to download apps after installing a very basic set of apps (dropbox, kindle reader, tunein radio, evernote, runkeeper, that kind of can't live without it stuff)

    Probably google would make a heck of a lot more money forcing mfgrs to make it possible for users

    • Re: (Score:3, Insightful)

      by schitso (2541028)
      The solution. [cyanogenmod.org]
    • by h4rr4r (612664)

      Perhaps you should look in a mirror for who to blame on that purchase? Next time do a little research.

      • by Anonymous Coward

        Awesome. Everyone has to vet their own app purchases. Perhaps read the source code too.

        Just like you verify & test the wiring harness in every car you buy, right?

        No, it's not a huge fucking redundant waste of time or anything, right?

        • by h4rr4r (612664)

          Way to not read the GP at all.

          He is discussing bloatware that came with his phone, not malware he bought later. Had he bought a device with 4.0+ he could disable it, but that would not get him the space back either. If you are about to tell me about some uninstall updates button and no disable, press that button and you shall receive the disable button.

          Typical Stupid AC, if you had some brains maybe you could figure out how to get an account.

  • False positive rate? (Score:5, Interesting)

    by gman003 (1693318) on Monday December 10, 2012 @11:39AM (#42242585)

    I wonder, what's the false positive rate on these "third-party" systems? It's easy to make a system that detects 100% of malware as malware - just deny everything.

    • by Cenan (1892902)

      Exactly. And it's not even a rookie mistake, the guy is an assoicate professor, yet there is a whole angle of his research missing. Might be just a rush to get it done before anyone else?

  • by i kan reed (749298) on Monday December 10, 2012 @11:44AM (#42242647) Homepage Journal

    What? 2000, maybe? More specifically, they're part of the test cases of virus writers, who develop until they are circumvented. Why would anyone imagine they do anything useful?

  • by Revotron (1115029) on Monday December 10, 2012 @11:46AM (#42242657)
    McAfee would kill for that.
    • by h4rr4r (612664) on Monday December 10, 2012 @11:55AM (#42242753)

      So be careful not to live next to him, he has already shown he will do it.

    • I had an iPhone and I hated all the app restrictions. I am willing to deal with a little malware to have more open source phone. Plus 15% is not bad we have so many Virus ridden machines come in the store and they have Avast, Nortain or McAfee I really thing virus and malware detection is BS anymore.
  • by DavidClarkeHR (2769805) <david.clarke@nosPAM.hrgeneralist.ca> on Monday December 10, 2012 @11:47AM (#42242669)
    Well, it's a good thing there are 3rd party options.

    I don't want/need additional bloat on my phone - I don't install random apps, and I'm quite comfortable wiping the phone to update it. Sure, I'll use a scanner if/when I start installing random things, but it's basic online hygene. I don't install random programs on my computer, but I do use a 3rd party antivirus because of all the browsing I do. That isn't something I do on my phone, and when it is, I will take the appropriate precautions.
  • Bias? (Score:5, Interesting)

    by Anonymous Coward on Monday December 10, 2012 @11:49AM (#42242683)

    The "researchers" tested the service a few days after it's release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

    Will they follow up in 6 months? Doubtful, since the results would put Google near the lead, and this article looks like anti-Google.

    What happened to researchers these days? Where's the objectivity?

    • The "researchers" tested the service a few days after it's release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

      In other words... its functionality was reviewed in a similar manner to iOS Maps?

    • by gagol (583737)
      It is a shame this post was from AC, it will fall under threshold unless we give it a deserved bump. Thank you!
    • by Cenan (1892902)

      Your premise is wrong. Why should any kind of antivirues algorithm/software be excused for being "new"? You're either capable of detecting malware or you don't release. You aren't supposed to "learn on the job" with malware detection

      • by rh2600 (530311)
        Why not? For all we know their detection may be bayesian based and still has "learning" to do in the field. Maybe this learning can take place in a matter of days with a sampling size as large as Android's. I think a trade-off of some start-up time in return for a system that can cope better with new attempts to circumvent its detection the better. FWIW this article is a beat-up - Google have multiple layers to their malware detection, and they've only tested one layer.
    • by tooyoung (853621)

      The "researchers" tested the service a few days after it's release, and compared it with other similar apps that had months, if not years time to polish and get up to date?

      Would you apply this logic to all products and services, including those made by Apple, Sony, and Microsoft? How long should a service be available before a review or study is acceptable?

  • Or maybe... (Score:5, Insightful)

    by GeLeTo (527660) on Monday December 10, 2012 @11:54AM (#42242745)
    The malware developers test and try to circumvent the Google scanner and don't bother with third-party security apps. If Google buys an app with 100% detection rate and uses it in their scanner, guess what the detection rate will be a few months later.
  • I wonder if this is the correct term: "infected" means that the author had written a benign application, while an attacker somehow got control over his distribution channel and modified the app to his needs. Meanwhile, I believe that in a significant number of cases cheap apps are written and distributed by malicious authors. So yep, they're dangerous, and no, they're neither infected nor otherwise modified.
  • So who detected the remaining 85% in order to give us this statistic of 15% detection rate? And why isn't that being used instead?

  • by bickerdyke (670000) on Monday December 10, 2012 @01:48PM (#42243861)

    Does any of the mentioned "existing third party products" really DETECT malware? Or do they only check apks against lists of manually compiled checksums?

  • It detects 15% of malicious apps, which would otherwise go undetected. Thats better than not having this service.

    • by godel_56 (1287256)

      It detects 15% of malicious apps, which would otherwise go undetected. Thats better than not having this service.

      But looking at the alternatives (from TFA) even lowly ClamAV detected 51%, and two of the commercial programs detected 100% of the malware samples (looks like Avast and Symantec).

      If you're beaten by ClamAV, well man, that is embarrassing. Oh, and Clam is free as well.

      • by allo (1728082)

        clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.

        • by godel_56 (1287256)

          clamAV is a scanner, analysing files. the google service is afaik like a dns rbl ... it just checks for known bad hashes. Flip a bit, and it won't recognize the virus.

          Users aren't concerned with how it works, only if it works, and to some extent how much it costs. The Google service may actually be harmful by giving a false sense of security to noob users.

    • Not really, because it gives users a false sense of security - they belive the apps have been scanner, but they've been scanner rather poorly.

      • by allo (1728082)

        still better than not scanned.

        • Not really.
          If you tell users that apps have been scanned, they install them with a [false] sense of security, beliving that the scanning process is protecting them.
          If you tell them stuff isn't scanned, they'll probably tend to be slightly more careful (lots will still screw up though).

          • by allo (1728082)

            Google does not tell its scanning. It just does it, and alerts the user, if its malware-positive. If its negative, the user gets no message at all.

"If truth is beauty, how come no one has their hair done in the library?" -- Lily Tomlin

Working...