Google last again in Android antivirus ranking (2018)
Google Play Protect does not protect Android devices against malware attacks very well according to latest test results of German company AV-Test. The result confirms previous tests that AV Test and AV Comparatives conducted to test protective capabilities of Android security solutions.
Play Protect is the built-in malware protection for Android that powers more than two billion devices according to Google. The protective functionality is baked into Android and uses machine learning algorithms to improve in real time according to Google. The service scans more than 50 billion apps every day according to Google.
You can check "My apps & games" section of the official Google Play application to find out if Play Protect detects security related issues on the device and when it last scanned apps on the device. It is furthermore possible to start scans with a tap on the reload button.
Google Play Protect's bad security rating
The latest test results of German antivirus and security testing institute AV-Test suggest that Google Play Protect does not offer adequate protection against malware.
The institute checked 21 different mobile security products for Android from renowned companies such as Avast, Avira, Bitdefender, G Data, or Kaspersky against a set of 2945 of the latest Android malware threats and a set of 2709 malware samples discovered up to four weeks ago at the time of the testing.
Google Play Protect was the only solution that received 0 points in the protection category. It had detection scores of 70.1% and 49.4% against real-time malware and malware of the last 4 weeks. The average for all tested solutions was 97.4% and 96.7% respectively.
Only four antivirus solutions received test scores below the maximum score of 6. Google Play Protect was the only solution that did not receive any points; TrustGo Antivirus & Mobile Security received 2 points, iNetCop's OnVaccine 3 points, and Ikarus' Mobile Security 5.5 points.
All other solutions got maximum points in the protection category.
Google Play Protect fared better in the usability category where it received the maximum number of points. Most mobile security solutions received maximum points in the category as well as only 7 received a score less than the maximum of 6.
A high usability score is awarded when apps don't impact battery life, slow down device usage, or generate excess traffic, and when the number of false positives is low.
Solutions that received full points in protection and usability are: AhnLab V2 Mobile Security, Alibaba Mobile Security, Avast Mobile Security, AVG Antivirus Free, Avira Antivirus Security, Bitdefender Mobile Security, G Data Internet Security, Kaspersky Internet Security, Norton Mobile Security, Tencent WeSecure, and TrendMicro Mobile Security.
How did Google Play Protect perform in previous months? Not better: the solution kept its 0 rating in the protection category in all four tests AV-Test ran this year.
A quick check of the mobile security results for Android on AV Comparatives, another test organization, paints a similar picture. Google came in last with a protection rate of just over 50% at 51.8%. The second worst program had a protection rate of 92.3% and that only because of a bug in the software program.
Closing Words
The main takeaway is that Google Play Protect does not protect well against threats on Android. It reminds me a lot of how Microsoft's security solutions, Windows Defender and Microsoft Security Essentials, started.
Android is plagued by malware campaigns and while some protection is better than none, it is clear that Google Play Protect is not the best when it comes to protecting Android users from malware attacks.
Do Android users need another security solution then? It depends on device usage in my opinion; if you install lots of apps from unverified sources you may want to add extra protection to your device. If you use it to check Google Maps, the weather, and for chatting, the risk of being exposed to malware is relatively low.
Now You: Anti-malware apps on Android, yes or no?
Google Play Protect is used to detect apps that Google dislikes; I believe it unlikely that Google truly intended it as a true anti-malware solution. Particularly, it flags as malicious apps that it believes may be disruptive to its business models (mainly advertising and analytics and to a lesser extent license brokering). For example, tools that block advertisements or analytics or provide a means to disable or reduce them are often flagged by Google Play Protect as malicious, even though the apps are clearly for such purpose and users intend to use them for those purposes.
Some other known malicious apps may be added to the Google Play Protect detection for the sake of deniability and not appearing too blatant.
Yes, why is ESET not included in the test?
I don’t know what Google protect actually does. I have tested installing apks from outside the play store, cracked apks, even rat apks and Play protect never detected anything. So if it’s made to scan apps that are installed from the official store only then why arent they doing it server side instead of scanning the apps after I install them on my phone?
“The service scans more than 50 billion apps every day according to Google.”
For what? Slipped user phone numbers, IP’s, credit card numbers? I’ve never seen any “security enhancement” offered by google that doesn’t ask for even more personal information. They treat customers like idiots; they can’t fix problems without taking something from them? I trust nothing they do. Don’t even believe the 50 Billion number, does google remember what a google is? Googleplex? Do they have any employees who were alive in the 1970’s? Hah!
In the beginning of June, I made the mistake of leaving the Play Store installed in my phone. It version updated many times, each time apparently turning off more privacy settings along with turning on location and random weird “Warning: This network may be monitored!” messages. Used gigs of data just to make the phone slower and slower. Took hours to pry the Playing Store out of the phone last week. Gigs of data to make things worse, Yup, that’s google!
Security is FF Focus (No I can find no evidence of the mystery server it doesn’t connect to), using lots of open source, simple apps and turning off anything google that I can. Chrome was disabled day one. Not allowed on any of our phones or computers.
Second comment here but couldn’t get this out of my mind… This is definitely tinfoil/conspiracy territory:)
Looking at some of these AV apps with great marks on the av-test site, their “privacy” policies, the extensive permissions and low-ratings on the playstore for some… What if: a few of them are the very sources of the malware they are identifying.
In this tech age where anything goes and there’s little accountability for what tech companies do, perhaps this thought isn’t so far-fetched.
Difficult to isolate the top tier products when so many are 6 & 6 (protection & usability). I’d have to go through them and find the ones with the strongest privacy policies and clear-cut (transparent) reasons given for permissions.
I make the last statement because some AV programs have gotten into the data-hording & sharing game – which, ironically, make them privacy/security trojans.
A look at a few of the top listed AV apps show the requested permissions are extensive (mind-blowing). The second one listed (Mobile Security 5.8) has a playstore rating of just 2.1… Indeed: I’ll have to go through each app with a fine-toothed comb.
Also interesting points from Anonymous (August 21, 2018 at 5:15 pm) about what’s considered malware.
I got Bitdefender to take care of that. 🌚
Heck, who needs an antivirus on Android anyway! I even have the Play Protect turned off. Useless stuffs.
That’s an odd comment. Why would you think that you don’t need AV on Android? https://source.android.com/security/bulletin/2018-08-01
Play Protect isn’t a fool proof tool, nor is it to be one like the others named. It’s simply a tool that scans apps when downloaded from the Play Store, and from time to time scans installed apps. It’s not real time protection by any means. I don’t know why they included it with all those others. And not only that they left off one of the real great apps. Where is Lookout? Now unless I’m not understanding what this testing is all about I think they have things wrong.
I use ESET Mobile Security on my Android smartphone. It may not be the best Android antivirus, but I’ve used ESET NOD32 on the desktop for about a dozen years now and it hasn’t let me down.
Would be interesting to know, what kind of malware the Google scanner didn’t catch. Google often has a very peculiar concept of what needs to be protected and what not.
Obviously it’s their business model to be borderline trojan, but then you sometimes hear Google employees repeat that same bullshit as if it was actually true.
So, I could imagine that they actually just didn’t consider something a threat that this institute did.
yeah, android sucks because of linux if it was windows 10 it would be most super duper security focus team
Like anything popular it becomes a target, if Linux was more popular as a user operating system on desktops and laptops, it would have been more targeted as well. People saying that Linux is immune to viruses are just saying it to make Linux look good.