In Case Google's Defenses Fail: 21 Android Protection Apps Put to the Test
Despite security scans and a monitored Play Store, Google Play Protect exhibits the weakest malware detection in the test. That is why it is time for a stronger Android protection partner. AV-TEST tested which apps protect the best.
Google endeavors to protect the billions of users of its apps. But as the latest test shows, there are better protection partners for mobile Android devices. In the current test, the laboratory at AV-TEST evaluated 21 apps and the Android protection function, Google Play Protect, in terms of their protection, usability and features or extras.
12 apps earn top scores
In May 2018, the lab examined a total of 21 security apps and Google Play Protect on the Android 6.0.1 platform. In each of the two test segments of protection and usability, the laboratory awards a maximum of 6 points, and a maximum of 1 point for features. A total of 12 apps achieved the top score of 13 points: Alibaba, Avast, AVG, Avira, Bitdefender, G Data, Kaspersky Lab, McAfee, PSafe, Symantec, Tencent and Trend Micro. An additional 3 apps still received an excellent point score of 12.5: BullGuard, F-Secure and Quick Heal. The remaining apps achieved between 12 and 9 points. At the end of the list is Google Play Protect, also tested, with only 6 points.
Detection of 6,000 malware apps – no problem
The malware detection test takes place in two steps. First, the lab evaluates all security apps in the real-world test with 3,000 infected apps that are a maximum of 24 hours old. In the second step, the reference set is used, containing over 3,000 apps. These malware apps are a maximum of 4 weeks old. This is an acid test of whether the security packages can also reliably detect older, already familiar malware.
Of the 21 apps tested, 12 detect 100 percent of the attackers in both test segments: Alibaba, Antiy, Bitdefender, Cheetah Mobile, G Data, Sophos, Symantec, Tencent, Trend Micro, Avast, AVG and PSafe. F-Secure and Kaspersky Lab achieved 99.9 percent in the real-world test and otherwise scored 100 percent. For their strong performance in terms of protection, a total of 17 apps reach the maximum achievable 6 points. The remaining apps receive 5.5 to 2 points in the detection test. Google Play Protect's detection rates are a weak 54.8 and 66.0 percent, which accounts for its rating of zero points.
Check for usability under everyday conditions
The test category of usability consists of several separate evaluations. For example, the lab tests whether the security app uses a lot of processor resources or generates a lot of data traffic, because either can cost a good deal of battery performance. Friend-foe detection is also tested: each security app is required to correctly recognize nearly 3,000 normal apps from the Google Play Store and additional reliable sources as clean.
With respect to loss of performance and battery load, none of the apps tested showed abnormalities. In terms of friend-foe discrimination, the following security apps falsely detect 1 to 10 clean apps: AhnLab, Antiy, Cheetah Mobile, F-Secure and Ikarus. Only with Sophos do things really go awry. This security app wrongly detects nearly 100 clean apps as foes.
Features – partly invaluable, partly useless
In the last test category, features, the testers award a maximum of one point, as most of the extras in the security apps are not security-relevant. Only the anti-theft functions and safe browsing are topics of focus. Antiy, NSHC and Tencent offer no special anti-theft functions. Only the apps from BullGuard and NSHC offered no safe browsing.
Some apps also provide additional functions for parental control, backup and encryption, as well as security functions for phone calls, such as call blockers or message filters. Security tools for WLANs and network monitors can also be found in some apps. Some of the functions are reserved for the premium version and can therefore only be tested for 15 or 30 days.
The alternatives in case Google's defenses fail
The market offers a vast selection of good security apps for mobile Android devices. The test showed that 12 out of 21 tested apps are the better choice compared to Google Play Protect. The apps from Alibaba, Avast, AVG, Avira, Bitdefender, G Data, Kaspersky Lab, McAfee, PSafe, Symantec, Tencent and Trend Micro finished with the top score of 13 points. Five of the 12 apps can even be used completely free of charge. The apps from BullGuard and F-Secure, with 12.5 points, are also worth recommending.
Users should not rely only on Google Play Protect with its regular scans on mobile devices. Its detection of the latest malware apps, and also of malware that has been in circulation for weeks, is too mediocre. Every third infected app goes undetected as malware and can thus wreak havoc.
40 percent of the Android systems are still working with Version 5.1 to 2.3.3
Marcel Wabersky
Team Leader in the Technical Laboratory
Outdated systems are especially vulnerable to malware attacks. Yet even the latest Android systems are not highly secure.
Critics of security software for Android are always quick to cite the secure architecture of Android. It is structured so that, below the root level, apps do not have any system-relevant access. While that may be true in theory, another problem comes into play in practice: all Android versions contain vulnerabilities and security gaps, and specially devised exploits prey on them to gain access to the root level after all. On its Android Security Bulletins website, Google itself provides a somewhat bewildering list of all vulnerabilities from Android 2.3.3 up to the latest Version 8.1 (Oreo). The current distribution of the Android systems is found on the Distribution Dashboard. There, Google lists that 40 percent of all active devices are still running on Android 2.3.3 to 5.1 (Lollipop). Security researchers have recently evaluated an attack on devices with Android 4.0. In this scenario, the security system is circumvented by means of a memory attack, which gives the attacker access to the root level presumed to be secure.