Research shows Android 4.2 malware scanner has paltry detection rate

These aren't the Androids you're looking for
These aren't the Androids you're looking for

The Android app verification service that Google rolled out along with Android 4.2: Jelly Bean detects a minuscule amount of malware, at least according to one researcher.

With a low detection rate of 15.32 percent, North Carolina State University computer science professor Xuxian Jiang refers to the Android scanner as "still nascent."

"Overall, among these 1,260 samples, 193 of them can be detected," Jiang wrote in his research report. "There exists room for improvement."

Jiang noted that while the new verification service doesn't have a solid detection rate, it does include side-loaded apps like ones from the Amazon Appstore for the first time.

Third-party scanners still first-rate

Google's initiative to include a malware scanner inside Google Play did receive some praise from the researcher.

Jiang twice called it "an exciting security feature" and he went on to compliment Google for taking "measures to better protect Android users."

At the same time, though, his report raises the alarm on a false sense of complacency with the official Google virus scanner turned on by default.

"Because of the introduction of this service, people may start to wonder, 'Are third-party security apps still necessary with Android 4.2?'" wrote Jiang, quoting popular consensus.

The answer, for now, appears to be "yes."

Jiang performed a second set of tests including a comparison to 10 third-party anti-virus engines, including popular names like Avast, AVG, TrendMicro and Symantec.

"Overall, the detection rates of these representative anti-virus engines range from 51.02 percent to 100 percent while the detection rate of [Google's] new service is 20.41 percent."

A new hope

The outlook on Google's Android app verification tool is overall positive in the eyes of Jiang, despite the results of his research.

"By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android," he wrote in the report.

Jiang also pointed to Google's recent acquisition of VirusTotal as a sign of things to come.

"We noticed that VirusTotal (owned by Google) has not been integrated yet into this app verification service."

"From our measurement results, VirusTotal performs much better than this standalone service," he wrote. "We expect such integration in the future will be helpful."

Matt Swider