Google's Android malware scanner detects only 15 percent of malicious code in test (update)

Android 4.0 welcome robot (STOCK)

With Android 4.2, Google has taken steps to address the lingering threat of malware on its mobile platform with a new security tool that quickly crosschecks sideloaded apps for harmful code. But a computer scientist at North Carolina State University has put Google's solution through a thorough test and found that barely 15 percent of malicious samples were properly identified by the scanner. In conducting his test, Xuxian Jiang loaded 1,260 instances of Android malware onto the recently-released Nexus 10 and examined which of those triggered a warning to users. Only 193 of them did so, amounting to a lackluster 15.32-percent detection rate.

Third-party apps work better for now

The subpar performance is particularly surprising since, according to Jiang, Google has been made aware of many of these test samples by members the research community. The disappointing showing also gives a leg up to third-party apps specializing in virus and malware protection. Until Google's built-in security measures can protect wary users to the same degree as alternatives from the likes of AVG, Dr. Web, and Avast, those apps are likely to remain popular in the Google Play store.

Is malware on Android a real concern?

Of course, whether such apps are necessary to begin with is a matter of heated debate among Android users. For most consumers that download applications exclusively from Google Play, malware is rarely if ever an issue to be concerned with. Still, there have been exceptions. Jiang points out that VirusTotal — recently acquired by Google — exhibited superior detection capabilities compared to Google's built-in scanner. Assuming Google plans to integrate VirusTotal's technology into the core Android OS, the situation could quickly improve in forthcoming software updates.

Update: Google has provided us with a response to Jiang's test results, stating that its malware detection techniques are designed to catch threats users would encounter in actual everyday usage rather than in a test environment.

The Google Play application verification service uses real-world data and multiple detection techniques to protect against Android malware. We go after threats users are most likely to face, rather than just focusing on an AV test set which may not be representative of actual conditions.

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.