Test: 20 Protection Apps for Android
Google constantly reports that the security of its users is a valuable commodity. That is why according to Google, apps are continuously monitored, not only in the Play Store. On user devices as well, Google Play Protect is always on the lookout for attackers that might be lurking within installed apps. But Google is not living up to the standard it has set for itself. In reality, there are regular reports about contaminated apps found in the Play Store (see box). The current test indicates that users should not rely solely on Google. Whereas 10 security apps detected the attackers up to 100% in all test phases, Play Protect at best found just under 55% of the contaminated apps. Based on the test results, users can make their own assessments.
20 protection apps for Android put to the test
Security apps put to the test in terms of their protection
20 apps put to the test in a new scoring system
In the tests of the past years, the lab awarded a maximum of 13 points in the Android test. Effective immediately, the lab has adapted the test of mobile apps to the Institute's standard test assessment. All apps were evaluated in terms of their protection, performance and usability. As the lab awards up to six points for each category, an app can now achieve a maximum of 18 points. The extra features formerly assessed with one point are now no longer relevant. They are occasionally introduced, as in this feature article, without an assessment.
The newly designed test also shows that many of the apps tested not only offer a high level of protection but also go easy on the battery and detect secure apps error-free. Of the 20 security apps tested, the lab awarded the top score of 18 points in 12 cases. The apps come from Antiy (two versions), Avast, AVG, Avira, Bitdefender, Cheetah Mobile, ESET, G Data, McAfee, Symantec and Trend Micro. This is followed by the solutions from AhnLab, Ikarus and Kaspersky, with excellent results of 17 points.
Protection: alone against 6,600 infected apps
Each app was required to overcome two hurdles in the protection test. The first task was to detect and block 3,300 brand-new contaminated apps. That is the so-called real-time test with apps from the Internet, some of which are only a few hours old. In the second segment, the test with the reference set, the objective is to detect an additional 3,300 apps. These specimens, posing a particular threat, however, have only been in circulation for up to four weeks. In both test phases, 10 apps each detected 100 percent of all attackers: Antiy, Avast, AVG, Bitdefender, Cheetah Mobile, G Data, Sophos, Symantec, Trend Micro and ESET. Kaspersky, McAfee, Ikarus, AhnLab, Antiy AVL Sec and Avira committed minor errors in either the real-time test or the reference set, yet they still achieved the 6 points for the top score. All additional apps committed several errors in detection and had points taken off as a result. Google Play Protect performed the worst by far in this test: 44.1 percent and 54.7 percent.
Overall, 16 out of the 20 tested apps achieved the top score of 6 points in the protection test phase.
ESET Endpoint Security
Bitdefender Mobile Security
Avira Antivirus Security Pro
Avast Mobile Security
McAfee Mobile Security
Google Play Protect
Performance: battery hogs or system slowdowns
A protection app naturally is not allowed to attract negative attention due to an excessive load on the CPU, as this sacrifices system speed and battery power. Background operations, such as constant data traffic, also put a load on the system. The laboratory individually examined all of these criteria on each app. The result is perfect: None of the apps were conspicuous in these test criteria. This means the maximum 6 points for each app!
Usability: test for false positives
A good security app ought to detect not only contaminated apps but also the benign apps that do not contain any malware samples. If a security app wrongly assesses a harmless app and sounds an alarm, this can unsettle the user. This naturally should not happen. That is why when evaluating usability, the lab downloads more than 2,300 normal apps from the Google Play Store onto a smartphone and every system sentry is required to recognize friends as friends. As an additional evaluation, the lab utilizes just under 700 additional benign apps from other sources and also downloads them onto the device for evaluation. In this respect, most of the system sentries demonstrate great savvy and discretion, recognizing all harmless apps as such. AhnLab, Ikarus and Kaspersky stood out by each committing one false positive. There were two false positives committed by F-Secure, SecuriON and Sophos. Google Play Protect even quarantined 8 harmless apps as would-be attackers.
The Club of Good System Sentries
Those seeking greater security for their Android devices will find the right security app in the latest test. As the test statistics indicate, protection through Google Protect alone is not sufficient. A total of 12 out of the 20 products evaluated completed the test with the top score of 18 points: Antiy AVL, Antiy AVL Sec, Avast, AVG, Avira, Bitdefender, Cheetah Mobile, ESET, G Data, McAfee, Symantec and Trend Micro. Some of these apps are even available free of charge, some cost a minor annual fee, as they also come with additional premium functions – VPN, for example.
It is very interesting to note that none of the apps in the test slowed the devices down or put an excessive load on the battery. After all, critics of security apps are always quick to conjure the argument that protection only comes at the sacrifice of power.
Even Google knows that not all existing apps are secure. Otherwise, Google Protect would not exist, nor would the constant scans of the Play Store app marketplace. As Google is not sufficient on its own, each Android user should use a security app; at least one for free.
Google Play Store eluded once again
Android Lab Team Leader
To be sure, Google does continue to find contaminated apps in its own store, but the most dangerous apps are often detected by others who communicate their findings.
As recently as August 2019, it happened again: the "CamScanner – Phone PDF Creator", an app already installed 100 million times, was uncovered as being dangerous. Some dangerous apps are only in the Store for a short while before being detected, but this version of the CamScanner was already there for a very long time. While the app itself did not contain any malware, it was, however, used as a download back door for Trojans. It was not detected by Google but by Kaspersky. Many suppliers of security software, such as ESET, F-Secure or Trend Micro, for example, continue to detect contaminated apps in the Play Store and warn users. But other security researchers and institutions also repeatedly discover and examine apps, reaching interesting findings.
Google doesn't lay its cards on the table as to how or how often it evaluates apps in practice. In the case of the CamScanner, older versions up to 3.30 were still in good condition. The versions that came later then contained the dangerous back door. Google just may not be capable of detecting apps such as these. As the test indicates, most of the protection apps are able to quickly identify programs downloaded onto the Android device as friend or foe. Thus, a good security app, as shown here in the test, surely cannot hurt.