20 apps put to the test in a new scoring system

In the tests of the past years, the lab awarded a maximum of 13 points in the Android test. Effective immediately, the lab has adapted the test of mobile apps to the Institute's standard test assessment. All apps were evaluated in terms of their protection, performance and usability. As the lab awards up to six points for each category, an app can now achieve a maximum of 18 points. The extra features formerly assessed with one point are now no longer relevant. They are occasionally introduced, as in this feature article, without an assessment.

The newly designed test also shows that many of the apps tested not only offer a high level of protection but also go easy on the battery and detect secure apps error-free. Of the 20 security apps tested, the lab awarded the top score of 18 points in 12 cases. The apps come from Antiy (two versions), Avast, AVG, Avira, Bitdefender, Cheetah Mobile, ESET, G Data, McAfee, Symantec and Trend Micro. This is followed by the solutions from AhnLab, Ikarus and Kaspersky, with excellent results of 17 points.

Protection: alone against 6,600 infected apps

Each app was required to overcome two hurdles in the protection test. The first task was to detect and block 3,300 brand-new contaminated apps. That is the so-called real-time test with apps from the Internet, some of which are only a few hours old. In the second segment, the test with the reference set, the objective is to detect an additional 3,300 apps. These specimens, posing a particular threat, however, have only been in circulation for up to four weeks. In both test phases, 10 apps each detected 100 percent of all attackers: Antiy, Avast, AVG, Bitdefender, Cheetah Mobile, G Data, Sophos, Symantec, Trend Micro and ESET. Kaspersky, McAfee, Ikarus, AhnLab, Antiy AVL Sec and Avira committed minor errors in either the real-time test or the reference set, yet they still achieved the 6 points for the top score. All additional apps committed several errors in detection and had points taken off as a result. Google Play Protect performed the worst by far in this test: 44.1 percent and 54.7 percent.

Overall, 16 out of the 20 tested apps achieved the top score of 6 points in the protection test phase.

Performance: battery hogs or system slowdowns

A protection app naturally is not allowed to attract negative attention due to an excessive load on the CPU, as this sacrifices system speed and battery power. Background operations, such as constant data traffic, also put a load on the system. The laboratory individually examined all of these criteria on each app. The result is perfect: None of the apps were conspicuous in these test criteria. This means the maximum 6 points for each app!

Usability: test for false positives

A good security app ought to detect not only contaminated apps but also the benign apps that do not contain any malware samples. If a security app wrongly assesses a harmless app and sounds an alarm, this can unsettle the user. This naturally should not happen. That is why when evaluating usability, the lab downloads more than 2,300 normal apps from the Google Play Store onto a smartphone and every system sentry is required to recognize friends as friends. As an additional evaluation, the lab utilizes just under 700 additional benign apps from other sources and also downloads them onto the device for evaluation. In this respect, most of the system sentries demonstrate great savvy and discretion, recognizing all harmless apps as such. AhnLab, Ikarus and Kaspersky stood out by each committing one false positive. There were two false positives committed by F-Secure, SecuriON and Sophos. Google Play Protect even quarantined 8 harmless apps as would-be attackers.

The Club of Good System Sentries

Those seeking greater security for their Android devices will find the right security app in the latest test. As the test statistics indicate, protection through Google Protect alone is not sufficient. A total of 12 out of the 20 products evaluated completed the test with the top score of 18 points: Antiy AVL, Antiy AVL Sec, Avast, AVG, Avira, Bitdefender, Cheetah Mobile, ESET, G Data, McAfee, Symantec and Trend Micro. Some of these apps are even available free of charge, some cost a minor annual fee, as they also come with additional premium functions – VPN, for example.

It is very interesting to note that none of the apps in the test slowed the devices down or put an excessive load on the battery. After all, critics of security apps are always quick to conjure the argument that protection only comes at the sacrifice of power.

Even Google knows that not all existing apps are secure. Otherwise, Google Protect would not exist, nor would the constant scans of the Play Store app marketplace. As Google is not sufficient on its own, each Android user should use a security app; at least one for free.