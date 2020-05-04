Use antivirus on Android or not, the great question. The role of these applications, especially at the level of mobile operating systems, may raise doubts, especially considering the multiple protection measures against applications with malicious code that Google has launched, with a clear example in Google Play Protect.

That is why we wanted to delve into the subject, comment on some of the reasons why it may (or may not) make sense when installing one of these solutions, as well as consult with experts to offer us their point of view about the usefulness of such antivirus.

Higher adoption rate, more likely to be attacked

At a first glance at the security level, we find data that indicates that Android is one of the operating systems with the most vulnerabilities in recent times.

As we usually do, let’s take a look at the numbers to, first of all, get an idea of ​​how the Android scenario is at the security level. If we look at the StatCounter data it indicates an adoption rate of 38.9% of Android at the level of all operating systems, above Windows and doubling the numbers of iOS. There is no exact correlation between being popular and being attacked, but the data indicates that this is the case.

In fact, we recently published that Android tops the list of the most vulnerable operating systems of the last 20 years alongside Windows. Casually, the two most used operating systems in the world. The cases of attack on Android are constant, despite the additional measures provided by Google.

When we talk about “viruses” and malware on Android, we tend to think of malicious applications. However, there are multiple different dangers, such as unsafe networks, phishing attacks via email or SMS, and more.

We have recent examples of coronavirus-related malicious apps, in CamScanner, an application that was removed from the Play Store after a Trojan was detected in one of its latest updates, malware that automatically reinstalls itself, etc. Similarly, attacks it’s not just about apps. Phishing is more common than we would like, with well-known cases such as that of the false SMS from Correos or alleged Movistar information that is really phishing.

The summary is clear: Google is fighting malware and attacks, but there are still cases. With this point on the table, it is worth considering whether resorting to third-party software to go beyond what Google achieves may or may not make sense, so we have consulted experts in this sector to contribute their vision.

The antivirus is to add, according to the companies themselves

Luis Suárez, one of Kaspersky’s engineers, has been kind enough to explain to us why it makes sense to install an antivirus on Android. He tells us that Google’s operating system has several points where it can be attacked, reminding us of the famous Camscanner case. A Trojan capable of stealing information and generating advertisements slipped into the application, something that Kaspersky itself reported to Google.

Similarly, it highlights the difficulty of Google in the face of control app updates. Once the application has passed the Play Protect filter, it is not so easy to check its behavior in consecutive updates.

“The most” clunky “users are more dangerous because they install applications outside of the Google store.”

Account also the case of the most advanced users, those who fearlessly install applications from external repositories. This practice does not have to mean that we end up downloading malicious files, but it points out that this type of user is more likely to be infected, since these applications are not always properly checked.

Antiviruses can check downloaded files outside the Play Store, carry out constant system scans, focus on phishing and other additional security measures

From Kaspersky they affirm that betting on the antivirus makes sense since it is an extra measure of security compared to what Google Play Protect provides. For protect in case of phishing campaigns (detection of malicious links), check files downloaded outside the Play Store, protect connections to prevent our data from leaking (in the case of your VPN), etc. He also emphasizes something that has caught our attention: he ensures that antivirus scans are performed at “non-invasive hours”, in order to minimize the impact on the resources of the terminal, a dreaded point when using these tools.

We have also consulted Josep Albors, Head of Awareness and Research at ESET, to learn another point of view. He tells us again that antivirus are to add and that provide a plus regarding Google’s security measures.

“An antivirus can provide more intelligence, greater analysis capacity. We are dedicated to looking for threats.”

Albors says that the Play Protect analysis analyzes the app’s code the moment it is uploaded. In the case of antivirus, your updates and the connections you make are analyzed, among others. “Let’s say Google’s analysis is more static and antivirus’s more dynamic.” In other words, the antivirus has a more active role regarding the constant detection of threats, while Google’s security measures act as a first filter. They can also provide security against phishing, warn of fraudulent pages, etc.

“Something a lot of people don’t value is the issue of updates and technical support.”

Something that catches the eye from ESET’s point of view is the aspect of technical support. Albors tells us that “if something goes wrong on your Android, who are you calling?” An antivirus is backed by a technical support service, either by email or phone, providing that extra regarding Google’s security measures.

In short, he tells us that an antivirus provides greater analysis capacity and possibilities, since they come into the hands of companies specialized in detecting threats.

The point of view from app development

Apart from experts in the field of antivirus, we wanted to talk to Linuxct, contributor to XDA Developers and engineer. He can also give us a different and quite specialized point of view about the use of antivirus in Android. Linuxct tells us that, from a technical point of view, the biggest problem you see is that these antivirus programs are closed source, which prevents other people from validating that the actions they are taking are appropriate.

For example, when antivirus programs intervene and intercept malicious links, we really don’t know if they are capturing all the URLs and using them for ‘something else’, such as establishing patterns of person use (an internet fingerprint, for example). so to speak) and then use it for their own purposes (improve the product, show ads more in line with the person) or even market it … It’s just an example of what these applications can do. In the end, all this depends on the software provider and the reputation it has, whether it is a free or paid solution (I am in favor of the saying ‘If you do not pay for the product, you are the product’), and above all that you indicate in your terms and conditions of use. This is why I personally try to run away from them.

He concludes that so the main point is to think that it is likely that usage data may be used by the manufacturer of the antivirus software for their own interests or to be sold if allowed by their terms and conditions of use. As an alternative, proposes Open Source alternatives from repositories like F-Droid, in which there are applications that meet the needs of an antivirus (such as monitoring the WiFi network, preventing phone phishing, cleaning residual files, etc.).

Testing popular antivirus

Seen from the experts’ point of view, we have tested some of the most popular Google Play antivirus to offer our insights and reflect on them. All the ones we have downloaded are free and we have been using them for a week.

Avast Mobile

AVG Antivirus

Kaspersky Mobile

ESET Security

Avira

In the case of Avast Mobile and AVG we found exactly the same application in duplicate. At the operational level, in our opinion, they leave something to be desired. It is especially annoying that show warnings of problems when absolutely nothing happensHowever, if we have been without the analysis for a few days or if we have not activated the protections they indicate, a red warning will appear warning that we are in danger. Both apps promise to protect you from ransomware, fake apps, SMS Trojans, spyware, adware, and so on, so they look like complete apps on a security level.

They are interesting too functions to locate the device remotely, although everything must be done from our AVG or Avast account from the web, giving the relevant permissions (all) to the application so that it can locate the device and shoot with the front camera remotely.

Regarding Kaspersky antivirus, we found a somewhat better experience. There are still warnings for not having everything active, although at the analysis level it is much more customizable. We can do a quick analysis of apps, a complete one or just one of the folders we want, a good detail. We can likewise activate filters for calls and enable anti-theft features, just like Avast and AVG. In the same way, we can select what to do with the files that it detects as dangerous, set analysis only for compressed files, etc. The app promises to protect against all kinds of malware.

The ESET application has as a positive point the transparency in the reports it offers. We are detailed at what time each analysis was performed, when the database was updated and, importantly, parses applications when updated. In other words, if you have already analyzed the X app but it is updated, the analysis is performed automatically again. Similarly, it has an interesting function of home network analysis, to know what devices are connected at all times to our WiFi network. There is also no lack of app locks and constant device monitoring.

Avira’s antivirus adds to notices you shouldn’t be sending. If we do not have all the options activated, among them “performance optimizers”, it sends notifications saying that it has detected problems. Its analysis brings together both the applications and the files on the device, being able to configure some of the categories in which it analyzes, but not the time or days. We also have the option of blocking applications and remote control of the device from our Avira account.

Antivirus is one more option, but it is not necessary

In our case, after consulting with experts and spending a few weeks using various antivirus programs, we can conclude that are to add, especially in connection protection, phishing and remote phone blocking. Regarding protection at the application level, it is true that they represent an extra layer of security, although if we download apps directly from the Google application store we can be relatively sure that the application has no problems.

Antiviruses can be useful to add an extra layer of protection, although it is not necessary to have them installed for our mobile to be safe

It is especially annoying how intrusive some antivirus can be, bombarding us with notifications if we do not carry out the analyzes and showing us as security problems not to activate all its options.

The point of view of developers such as Linuxct, who counted well, must also be taken into account. the amount of data that antivirus can receive about us, since the number of permits we grant them is not small. In other words, it is not necessary to install an antivirus if we want to be sureAlthough there is no problem if we want to use them as an additional layer.