21 Protection Apps for Android Put to the Test
Anyone who looks at the latest statistics on Android malware will immediately check the security app on their mobile devices: there are already 18 million malware samples registered. And it doesn't look as if the growth will be stagnating anytime soon. Per month, roughly 600,000 new malware samples enter the scene – now also as ransomware. These malware threats encrypt the data of the device and only release it in exchange for payment.
Wer die aktuelle Statistik über Android-Schädlinge sieht, der kontrolliert sofort seine Schutz-App auf dem mobilen Gerät: es sind bereits mehr als 18 Millionen Schädlinge registriert. Und es sieht nicht danach aus, als würde das Wachstum in nächster Zeit stagnieren. Pro Monat kommen in etwa 600.000 neue Schädlinge hinzu – inzwischen auch Ransomware. Diese Schädlinge verschlüsseln die Daten des Geräts und geben sie nur gegen eine Zahlung wieder frei.
Test result of Android apps
21 apps in the detection test
Sophos Mobile Security
Symantec Norton Mobile Security
21 apps put to the test – more than half deliver top performance
In the above test, the lab evaluated 21 security apps in terms of their protection and usability. It also looked at the extra features. The first two categories were rated with 0 to 6 points each. For security relevant extra features, a maximum of 1 point was awarded. All the other extra features were not further evaluated.
A total of 9 apps were able to earn the maximum 13 points. They come from AhnLab, Antiy, Baidu, Bitdefender, Cheetah Mobile, Kaspersky Lab, Sophos, Symantec and Tencent. Following closely behind at 12.5 points are the apps from ESET, G Data and McAfee (Intel Security).
21 apps against 6,000 malware threats
Given the current growth rates in Android malware threats, it is important for a security app to detect the latest malware and to not forget already known samples. That is why the lab conducts the protection effectiveness test in two steps. First, each security app is required to detect over 3,200 brand-new malware samples hidden in infected apps. That is the so-called real-world test. In the second step, the objective is to turn around and detect over 2,800 already known infected apps. These are actually known to the manufacturers roughly 4 weeks in advance. That is the so-called reference set.
The apps delivering perfect malware detection in this test were from Sophos and Symantec. In both test steps, they detected over 6,000 malware samples 100% each. With minimal error rates, these are followed by apps from AhnLab, Antiy, Baidu, Bitdefender, Cheetah Mobile, Kaspersky Lab, Sophos, Symantec and Tencent. That is why all the apps in question receive the maximum achievable 6 points in the category of protection.
To protect and serve
In the test for usability, it is evaluated how many system resources an app uses in the line of duty. When in operation, it should neither put a load on the device processor nor place a major drain on the battery. Moreover, the data traffic in the background should be quite low. In addition to these performance aspects, the handling of normal apps is also evaluated. For this purpose, over 3,000 apps completely free of malware from the Google Play Store and other sources are loaded and installed on the devices. During this friend-or-foe test, none of the apps are allowed to be declared a threat.
The result for almost all security apps is excellent: 19 out of 21 apps receive the maximum point score of 6. Only the apps from Avast and Trend Micro had one point taken off because the measured battery drain during operation was too high.
"Is there anything else I can do for you?"
In addition to the security-relevant functions, many of the apps are also equipped with additional features. Among the more important extra features, for example, are the anti-theft functions. They are found in all apps except for Antiy, Cheetah Mobile Clean Master, NSHC, ONE App Limited and Tencent. A safe browsing function is also available practically everywhere. The apps from Baidu, BullGuard, NSHC and ONE App Limited have none. There are also individual features such as call blockers, tools for encrypting data, backup functions or parental control settings. Depending upon the app, some of the features are considered premium functions that after the test phase only continue to function with a valid license.
Good protection apps are even available for free
Among the 21 apps tested, many of them are even for free In terms of malware detection, the apps from Sophos and Symantec always achieve the 100 percent mark. In addition to 6 points, both are very well equipped in the category of usability. Together, this adds up to the highest point score of 13. Whereas the Sophos app is free, the Symantec app requires an annual fee. In exchange, however, it offers an additional app analyzer.
Also achieving 13 points are the apps from AhnLab, Antiy, Baidu, Bitdefender, Cheetah Mobile (CM Security), Kaspersky Lab and Tencent. The Baidu app is only available in Chinese, however. Rated at an excellent 12.5 points, the apps from ESET, G Data and McAfee (Intel Security) are also recommended.
The test shows that a user seeking to install a security app does not even have to spend any money. Furthermore, the good apps do not require any additional device resources, they go easy on the battery and offer nice extra features. But the best additional benefit: the apps close the many security gaps of Android against what are currently over 18 million Android malware threats.
The vulnerabilities of Google Android
Marcel Wabersky Team Leader in the Technical Laboratory
Google Android is generally considered a safe system. But especially in many older Android versions, more and more vulnerabilities are surfacing. Currently, over 800 are known.
Many experts, as well as Google itself, continue to discover vulnerabilities in the Android system. The majority of those affected involve older Android versions, such as Version 4.4 and earlier. Yet even the new versions 6.0 and above continue to be affected. Each officially known vulnerability is entered into a database as another of the so-called CVE (Common Vulnerabilities and Exposures). In the entry, the type of possible attack is described, such as code execution, which Android version is vulnerable and what exactly happens. The CVE Details website lists all known vulnerabilities for Android. There are currently a total of 802 vulnerabilities registered. The overview on the page shows the number of vulnerabilities per year from 2009 to 2017. For January and February 2017 there are already 111 newly-registered CVEs!
Old Android versions have the most vulnerabilities
However: not every user, e.g. of Android 6.0, has all the vulnerabilities listed in the CVE database. The manufacturers of mobile devices with Android continue to close gaps with their own updates. This is often the case only with devices running on the latest Android versions, however. After a few years, there are usually no more updates, but only new security gaps.
A small testing tool for vulnerabilities is the X-Ray app for Android which, after all, is not distributed via the Google Play Store. The download is only available on the X-Ray website. Furthermore, the tool is often wrongfully identified as a malware app, as it queries the vulnerabilities.
For an especially well-known vulnerability, there is still the App QuadRoot Scanner from Check Point Labs. It is available via the Google Play Store.
A word of caution is appropriate, however: the specified testing tools are not an absolutely reliable source as to whether the existing Android version has additional vulnerabilities! That is why the use of a certified security app is all the more recommended.