May 15, 2018

16 Android Security Apps vs. Google Play Protect in an Endurance Test

Google claims to scan and sort out all apps on the Android smartphone or tablet for malware – but it cannot cope with the deluge. The endurance test from November 2017 to March 2018 indicates that the 16 tested Android security apps provide vastly greater protection than Google Play Protect alone.

16 Android security apps vs. Google Play Protect

in an endurance test.

zoom

Google's aim to protect users from malicious apps is indeed honorable and ambitious, but the protection still doesn't work the way Google intended. This is also documented by the result of the endurance test throughout a period of 6 months. In the tests, all 16 apps, along with Google Play Protect, were required to detect nearly 9,500 brand-new infected apps and filter over 8,500 apps with malware samples that have already been known for 2 weeks. Play Protect was not able to keep up with the detection rates of specialized security apps.

8 out of 16 apps with the maximum point score

All apps, and Google Play Protect, were tested within three separate test rounds from November 2017 to March 2018 in the categories of protection, usability and features. In the first two categories, the laboratory awards a maximum of 6 points, and for features a maximum of 1 point. Thus, 13 is the maximum point score. This top score was achieved by the apps from Avast, Bitdefender, G Data, Kaspersky Lab, PSafe, Symantec, Tencent and Trend Micro. Following close behind are the apps from McAfee with 12.8 points, Alibaba with 12.7 and AhnLab with 12.4 points.

he additional apps from Ikarus, Sophos, F-Secure, Antiy, and Cheetah Mobile achieved 11.5 to 10.3 points out of 13. Last place finisher is Google Play Protect with a total of only 6 points

Endurance test – 16 Android apps vs. Google Play Protect

In 3 tests throughout 6 months, 8 apps earned the maximum point score.

zoom ico
16 apps in an endurance test – detection

7 security apps were able to detect and delete all of the nearly 18,000 infected apps in the endurance test.

zoom ico

1

Endurance test – 16 Android apps vs. Google Play Protect

2

16 apps in an endurance test – detection

Endurance test with nearly 18,000 malware apps

In each of the three rounds, all protection apps were initially required to detect some 3,200 brand-new apps with malware samples in the real-world test. Later, the object was to detect the reference set containing an additional 2,800 apps with malware which had already been wreaking havoc for 2 weeks. Thus, in total, it was necessary to filter roughly 18,000 malware apps. In all three tests, and throughout both test steps, 7 of the 16 security apps always detected the malware apps 100%: Antiy, Cheetah Mobile, G Data, Sophos, Symantec, Tencent and Trend Micro.

Following with 99.9% detection in the real-world test and 100% on the reference set were the protection apps from Alibaba, Avast, McAfee and PSafe. Bitdefender and Kaspersky Lab detected 99.8 percent on average in the first segment, and 100 percent in the second. AhnLab, F-Secure and Ikarus still reached high rates in both test segments with 98.2 to 100 percent. Google Play Protect comes in dead last with 56.8 and 61.5 percent detection.

Annoying protection apps are dumped from the device

Regardless of what good a protection app may be: if it annoys users or constantly drains the battery of the user's device, it will be dumped from it. Under the collective term of usability, the laboratory precisely examines what the app does during the test: if it requires too much processing power, then it negatively effects the battery just as much as constantly accessing data in the background. Furthermore, the test examines what the protection apps report during mass installation of innocuous apps. For this purpose, the laboratory proceeds to download from the Google Play Store and other sources roughly 2,500 to 3,000 Android programs, and installs them. If detection is working properly, then there should be no false alarms.

In all of the specified test areas, the following 8 apps and Google Play Protect showed neither abnormalities, nor were there any false positives: Avast, Bitdefender, G Data, Kaspersky Lab, PSafe, Symantec, Tencent and Trend Micro. For this, the maximum 6 points were awarded in each case.

An additional 8 apps repeatedly reported false positives during the installation of normal Android apps. For McAfee, Alibaba and AhnLab, the false alarms only occurred sporadically. That is why on average, 5.8 and 5.7 points were still awarded. Ikarus received a mere 5.5 points. The apps from Antiy, Cheetah Mobile, F-Secure and Sophos experienced far more false detections. This cost the security apps valuable points. They had to suffice with a meager 4.5 to 3.3 points.

Avast

The free protection app worked error-free in the test.

zoom ico
Bitdefender

In addition to error-free performance, the app offers good premium extras.

zoom ico
G Data

The security app delivered outstanding performance in the test, earning the maximum 13 points.

zoom ico
Kaspersky Lab

The Android protection app demonstrated its usual strong performance: 13 points.

zoom ico

1

Avast

2

Bitdefender

3

G Data

4

Kaspersky Lab

Extra point for extras

The lab awarded a maximum of one point for the features offered by the apps, as most of them are not security-relevant. Important features include anti-theft functions. Only Antiy and Tencent do not offer them. One feature that continues to be important is safe-browsing protection, which safeguards the user from infected websites and phishing. It is offered by all the apps evaluated – except for Google Play Protect.

Many of the apps offer additional features, such as call blockers, encryption and backup tools for data, network scanners or functions for protecting private data. However: the manufacturers offer some additional features only in the premium versions of their security apps. In general, however, they can be tested for 15 to 30 days free of charge.

Endurance test: 50 percent of apps with the best score

The 6-month endurance test confirms the good overall performance of many security apps for Android. The apps from Avast, Bitdefender, G Data, Kaspersky Lab, PSafe, Symantec, Tencent and Trend Micro garnered the best score of 13 points.

Setting the additional categories of usability and features aside and concentrating only on protection, the result looks even better. 12 of the 16 tested apps received the full 6 points for their performance in the endurance test.

Google endeavors to increase the security for all Android users. If this were not the case, there would be no constant scanning of the Play Store and automatic examination of each mobile device using Google Play Protect. The laboratory from AV-TEST does indeed agree with the call for more security, but the current test scores of Google Play Protect recommend the use of a security solution, however. The test indicates that users have a wide selection of security apps – many of them are even available free of charge.

Even non-rooted devices are jeopardized

Marcel Wabersky
Marcel Wabersky
Team Leader in the Technical Laboratory

The system structure of Android is configured in such a way that it is generally considered to be quite secure. If devices are rooted, users themselves defeat the security mechanisms of the structure and are much more easily attacked. But even non-rooted devices are not always safe.

Again and again, new security flaws are becoming known in Android as well. An app with malware – an exploit – targets these vulnerabilities, thus penetrating systems in this manner. That is precisely the moment where the use of a security app for Android pays off. The malware app is blocked and deleted, and the threat is averted.

More and more security gaps in Android

Anyone wanting to know how many security gaps exist under Android ought to visit the Android Security Bulletins website. Taking a look into the entries of 2015, there are isolated cases classified as "high" or "critical". When we fast forward to 2018, there are now dozens of entries. In March 2018, for example, the website reports 80 vulnerabilities for Android versions from various manufacturers – 11 of them are "critical". As many manufacturers no longer create any update for old Android versions, the gaps remain open and the risk potential increases for the above-mentioned attack scenario. Google actually seeks to provide for this case with its Play Protect. For this purpose, each app installed on a mobile device is scanned on a recurring basis – after all, it does receive updates. Under Android, it means that the app is re-installed. That is why users ought to always use a security app.

Social Media

We want to stay in touch with you! Now there is an easy way to receive regular updates on the latest news and test releases.