©  2026 AV-TEST  | SITS Deutschland GmbH

Test Modules under Android

Protection

How well does a security app protect the mobile devices of Android users against real threats? Instead of being theoretically evaluated in simulated test conditions, at AV-TEST products are required to fend off the latest malware in a worldwide unique, fully-automated Android test system. All the tests are carried out on the latest smartphones.

Stage 1: Real-time detection of the latest Android malware

Attacks on Android devices have proven to be a lucrative line of business for criminals. Accordingly, the number of newly developed malware samples for the widely used class of devices continues to increase. Against this background, the real-time detection test re-creates one of the main threat scenarios for Android users: The test exclusively involves the latest malware, which AV-TEST has initially detected no later than within the past 24 hours. The test set encompasses several thousand of these latest malware apps.

Routine of the test procedure for real-time testing:

  1. The products are installed, updated and launched using the default settings on the smartphone, during which complete Internet access exists at all times.

  2. An AV-TEST analysis app is installed on the smartphone, which automates the test and logs all the results.

  3. A malware app is installed on the smartphone.

  4. If the product issues a clear warning or message on the device, this is detected, saved and documented per screenshot by the analysis app.

AV-TEST creates identical and reproducible conditions for all the products within a test. For this purpose, the test routine for all products and for each test case is carried out simultaneously, deploying identically configured test systems.

Stage 2: Detection of the latest Android malware from the last 4 weeks

Even malware apps that are only a few days old constitute a significant risk to Android devices. One of the essential reasons for this, for example, can be the lack of timely updates for security apps. In the Android lab, these circumstances are taken into account in a relevant test. The system deploys several thousand malware apps, enabling the measurement of the products' detection capability for malware that has already been in circulation for up to four weeks.

Routine of the test procedure for real-time testing:

  1. The products are installed, updated and launched using the default settings on the smartphone, during which complete Internet access exists at all times.

  2. In a next step, the test set with malicious Android apps is subjected to an on-demand scan.

  3. All files not detected in the on-demand scan are executed on the smartphone in order to test dynamic detection.

AV-TEST creates identical and reproducible conditions for all the products within a test. For this purpose, the test routine for all products and for each test case is carried out simultaneously, and identically configured test systems are deployed.