Android Security Apps Provide Better Protection than Google Play Protect
It is a premiere: For the first time, the lab from AV-TEST evaluated the capability of Google Play Protect in a side-by-side comparison with 20 protection apps for Android. In a current user group of roughly 2.5 billion devices running on Android, it is an interesting comparison. Some should find the result astonishing. Because the bottom line is this: those relying exclusively on Google Play Protect potentially open their platform to one out of four attackers. Other popular security apps are more effective in this regard, as the current test indicates. A total of six of the evaluated apps deliver a 100% detection rate in the tests. Some of the protection apps are even free of charge.
Not only rooted devices are vulnerable
Android systems are indeed quite secure, yet they are still vulnerable. Those who root their device, and by doing so, open up access to the highest system-level, thus shut down one of the most important protection functions of Android. This is already known to many users. Yet there are many other vulnerabilities in Android that can be exploited by malicious apps. The older the Android system, the greater the number of known exploits. This is where an installed security app provides protection; while it cannot close the gaps, it can monitor them, blocking attacking malware apps and eliminating them.
In the current test, the laboratory at AV-TEST evaluated 20 apps and the Android protection function, Google Play Protect, in terms of their protection, usability and features/extras.
Search, identify, remove – nearly 6,000 times
The most important test segment for the apps is the detection of malware samples. The lab evaluates this criterion in two steps: Initially, all security tools were required in the real-world test to identify over 3,000 infected apps, which were freshly gathered by the lab. The second test segment once again involved the evaluation of nearly 3,000 malware apps, which, however, had already been in circulation for a maximum of 4 weeks. The background issue: do the protection apps detect totally new threats, and do they fend off attackers that are already known?
The 6 apps from Antiy, Bitdefender, Cheetah Mobile, Sophos, Symantec and Trend Micro reported all the malware 100 percent in the test. An additional 7 apps committed minor errors only on the latest threats, achieving detection rates of 99.9 to 99.7% in the real-time test: McAfee, Tencent, AhnLab, Avast, G Data, Kaspersky Lab and PSafe. In terms of detection, all other apps performed below these scores.
However, all the apps outperformed Google Play Protect in a direct comparison of detection. The latter detected only 65.8% of the latest threats, and only 79.2% of actually old and known attackers. More information on Google Play Protect and its mode of operation can be found in the box below, "Google Play Protect – only a good start."
A pain in the neck or a silent sentry?
The perfect app protects the user from all threats, and in doing so, uses very little processing or battery power, leaving all normal programs alone. The lab examined precisely these criteria on all apps, summarizing them under the term "usability".
In terms of performance, only the app from Sophos was conspicuous. It used somewhat more processing power, and therefore more electricity, than the other apps in the test.
For the detection test of normal apps, the lab downloaded from the Google Play Store and other sources just under 3,000 apps and installed them on each device. Only the apps from Avast, 360 Security and PSafe wrongly flagged a few individual apps harmful. All other protection programs completed this task error-free.
The added extras
While the lab awards up to six points each for the two test segments of protection and usability, the features count for a maximum of one point. After all, the many extra features offered are not particularly security-relevant. The focus is only on the anti-theft functions. They are found in all apps except for those from AhnLab, Antiy, NSHC and Tencent. A safe-browsing function is also advisable and found in all apps – except for NSHC.
Those seeking parental control functions will only find them in the apps from F-Secure, G Data, Quick Heal, Sophos and Trend Micro. None of the other apps offer equivalent functions in this area.
The protection tools offer many additional features and extras. These include, for example, a call blocker, tools for encrypting data, backup tools, network scanners and functions for protecting personal data. Manufacturers offer some of the additional features and extras only in the premium versions of their protection apps. In general, however, they can be tested for 15 to 30 days free of charge.
Security app vs. Google Play Protect
When we look at the table listing the detection rates, the conclusion of this test is obvious: Those relying only on Google and its protection service with Play Protect take an unnecessary risk. The weak detection rates at 65.8 and 79.2% speak for themselves. A much better feeling of security is provided here by the 13 apps from AhnLab, Antiy, Avast, Bitdefender, Cheetah Mobile, G Data, Kaspersky Lab, McAfee, PSafe, Sophos, Symantec, Tencent and Trend Micro. They all achieved the maximum six points in the category of protection.
If we only look at the detection rate, these six apps are the best, each scoring 100%: Antiy, Bitdefender, Cheetah Mobile, Sophos, Symantec and Trend Micro.
The internal AV-TEST statistics show: currently over 18 million malware samples are lurking in Android apps. Time for a good protection app!
Google Play Protect – only a good start
With Play Protect, Google filters the app store for infected programs and scans the apps on the devices of users. The mission is honorable, but the implementation is still fraught with too many errors. This is what's behind the Google service.
Google created some confusion in naming its protection function. Initially, it was called Google Verify, now Google Play Protect. The key aim of this function is to scan the apps in the Google Play Store and to automatically verify all installed apps on the Android device, even if they do not originate from the Store.
Google Play Protect does not depend upon the installed Android version. Only the latest version of Google Play Services (according to Google from Version 11) needs to be installed.
In the latest test, it was evaluated how well Google Play Protect safeguards against infected apps. To do so, infected apps were installed on an updated device. During the entire test, the mobile device had a connection to the Internet. Otherwise, Google Play Protect would not work at all. The detection rates, however, were more than mediocre compared to other protection apps.
Does Google play down the risk of malware apps?
When you call up the help function of Google Play Protect, Google suddenly no longer refers to threats, attackers or malware, but rather to "PHAs", or potentially harmful applications. This is the ambiguous term with which Google continues to also classify spyware, Trojans or ransomware. According to Google statements, Play Protect "scans billions of apps daily" in the Store.
Google promises its users that in evaluating the app, their device "... is automatically scanned around the clock, so you can rest easy." The latest detection results from Google Play Protect are not inclined to put users completely at ease. After all, in the beginning of November 2017, a purported WhatsApp update was distributed in the Play Store. The fake app with advertising spam was very quickly downloaded roughly 1 million times before Google finally blocked it.
Test reports from August/September 2017, security apps for AndroidAll results can be found here