An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don't work as advertised.
The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organization's staff looked at 250 Android antivirus apps available on the official Google Play Store.
The report's results[1] are tragicomical --with antivirus apps detecting themselves as malware-- and come to show the sorry state of Android antivirus industry, which appears to be filled with more snake-oilers than actual cyber-security vendors.
Only 80 of 250 apps passed a basic detection test
The AV-Comparatives team said that out of the 250 apps they've tested, only 80 detected more than 30 percent of the malware they threw at each app during individual tests.
The tests weren't even that complicated. Researchers installed each antivirus app on a separate device (no emulator involved) and automated the device to open a browser, download a malicious app, and then install it.
They did this 2,000 times for each app, having the test device download 2,000 of the most common Android malware strains found in the wild last year --meaning that all antivirus apps should have already indexed these strains a long time ago.
Some apps don't actually scan for malware
However, results didn't reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didn't actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach, and merely looked at the package names (instead of their code).
Essentially, some antivirus apps would mark any app installed on a user's phone as malicious, by