IN BRIEF: In recent year, we have seen a tremendous increase of mobile applications across many countries – It is like everyone want to come with a mobile application for many reasons. On the other hand, the rate of fake and malicious mobile applications is rapidly growing posing major security risk to mobile users.
Mobile application developers are now facing threats to customers and application data as automated and sophisticated attacks increasingly target the owners, users and data of mobile applications.
Apart from jeopardizing our privacy from unprotected Application from various application developers, Criminals are also developing mobile applications with malicious intentions putting thousands of users who download them to fall victims of cybercrimes.
#Cybersecurity We have seen the rise of malicious Mobile-apps affecting users! #Infosec We Strongly encourage users to install #MobileApp from trusted source -which are safely configured & protecting our #privacy#Cybercriminals are distributing infected mobile apps! #Cybercrimes pic.twitter.com/JMf4TDakmD
— YUSUPH KILEO (@YUSUPHKILEO) January 14, 2018
It is prudent to secure our mobile devices with security solutions – Sadly, A recent test of anti-malware apps available in Google Play showed that most are not, in fact, worthy of the name and, indeed, the space they take up on the Android device.
Independent testing outfit AV-Comparatives threw the 2,000 most common Android malware samples seen in the wild last year at 250 security (and, as it turns out, also “security”) apps that were available in the Android store in January of this year. Only 80 apps passed the organization’s most basic test – flagging at least 30 percent of the samples as malware while reporting no false positives for some of the most popular and clean apps in Google Play.
Crucially, only 23 apps passed the test with flying colors; that is, they had a 100-percent success rate at detecting the malicious code.
So, what are those purported anti-malware solutions that failed the test up to? You may have guessed it – for the most part, they’ll only foist ads on you. Put differently, instead of keeping you safe from pests that are banking Trojans, ransomware and other threats, many of the fake security apps will apparently only pester you with unwanted ads, all in the name of easy revenue for the developers.
Indeed, some of the products are already detected, at the very least, as “potentially unwanted applications” by at least some reputable mobile security solutions and are likely to be booted by Google from the Android store soon.
In many cases, the apps’ “malware-detecting functionality” resided in their comparing the name of a package for any given app against the AV apps’ respective whitelisted or blacklisted databases. This way of determining if a piece of software is safe or not, can, of course, be trivially easy to defeat by malware creators. Meanwhile for the user, it creates a false sense of security.
The fact that many ad-slinging apps are disguised as security solutions may not be a revelation for you. After all, ESET malware researcher Lukáš Štefanko warned early in 2018 about dozens of apps that professed to protect users from malicious code, but were instead only vehicles for displaying ads.
Meanwhile, a number of products that scored poorly in the test were deemed to be the work of what AV-Comparatives called “hobby developers”. Rather than focus on producing quality security software, these software makers apparently produce a variety of apps that are only designed to generate ad revenue for them. Still other developers “just want to have an Android protection app in their portfolio for publicity reasons”, wrote the AV testing outfit.
In addition, user ratings and/or download numbers are not necessarily something to go by. “Most of the 250 apps we looked at had a review score of 4 or higher on the Google Play Store. Similarly, the number of downloads can only be a very rough guide; a successful scam app may be downloaded many times before it is found to be a scam,” wrote AV-Comparatives, adding that the ‘last updated’ date isn’t a reliable indicator, either.
All told, the results can be understandably disheartening. On the other hand, they’re another reminder of the need to stick to reputable products with proven track records in mobile security.