Android is in the news yet again for a bit of a security blunder. Google’s most recent operating system release, Android 4.2 Jelly Bean, is under fire for its poor recognition of malware with the use of a new featured called app verification. According to a study conducted by North Carolina State University computer science professor, Xuxian Jiang, the OS detects only 15.32 percent of known malware, which is not a good sign for the safety and stability of the Google Play app marketplace.
Jiang used 1,260 malware samples stemming from 49 separate families in the test and of those, Android 4.2 detected just 193. To add credibility to his findings, he then tested a sample from a random malware family with some of the most well-known anti-virus scanners available: Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky, and Kingsoft. The rate of detection ranged anywhere from 51.02 percent all the way up to 100 percent, meanwhile Google’s OS had a detection rate of 20.41 percent.
Why is this at all relevant to you? Jiang wasn’t testing the operating system as a whole, rather he was testing out a feature in Android 4.2 called app verification that tries to keep users out of harm’s way when downloading and installing new apps. If the verification test finds malicious code, you’ll get either a warning or a complete block from installation depending on the severity. However, with what looks like approximately a 15 percent successful detection rate, how useful could this app verification really be?
For the full results of the study, you can check out NC State University’s published findings on its website.