Get started on your cybersecurity degree at American Military University.
By David Balaban
Google’s Android OS is a true heavyweight in the world’s mobile ecosystem. It dominates the landscape of smart devices with a market share as high as 85% as of first quarter 2017.
Android OS owes a great deal of this market dominance to its extensive flexibility and openness. But Android OS also has a flip side: hackers can exploit it.
Because it is the most popular mobile platform, Android OS is also the most targeted operating system. During the past few years, there has been a substantial increase in cybercriminal attacks on Android smartphones using banking Trojans, spyware and ransomware.
Android Is Generally Seen as Less Secure than Apple’s iOS
Android is generally considered to be less secure than Apple’s iOS and with good reason. Apple is in full control of the hardware, software and firmware in its mobile devices. That makes it much harder for malicious code hidden in apps to make it into the official App Store.
Furthermore, Apple uses rigid encryption mechanisms to safeguard users’ communications. Although iOS is not completely invulnerable to viruses and privacy risks, it works much better than Android in terms of security.
Android Malware Attacks Are Increasing
There have been numerous recent outbreaks of high-profile Android infections. Most of them have been banking Trojans that stole millions of dollars from users’ accounts.
One of the most prolific malware strains is Svpeng. Svpeng’s latest variant, Svpeng.ae, surfaced this past summer and turned out to be groundbreaking. Svpeng.ae exploits a device’s Accessibility Service to gain administrator privileges in mobile device software without asking for the victim’s consent. As a result, the hacker operates as a keylogger and intercepts all text the victim types, including login credentials for bank accounts.
Another example of Android banking malware is BankBot. It also abuses the Accessibility Service and features a clever mechanism of delayed payload execution, so that Google’s security barriers don’t flag BankBot as a threat.
In September, BankBot impersonated a harmless-looking app called Jewels Star Classic, which was downloadable from Google Play. But once inside a device, BankBot malware recorded everything the victim typed.
Android Ransomware Also Experienced Major Growth in 2017
Ransomware is a separate category of Android infections that has experienced substantial growth this year. A notorious specimen of ransomware called LeakerLocker locks the screen of an infected device with a ransom note. It then threatens to send the victim’s sensitive data to all of the victim’s contacts unless a ransom is paid.
Another more infamous ransomware strain is DoubleLocker, which takes that threat tactic a bit further. It denies access to an infected mobile device by modifying the PIN passcode and encrypting all of the user’s personal files. DoubleLocker demands 0.013 Bitcoin (about $150) in ransom to unlock the device and decrypt hostage data.
Reliable Android Security Software Adds an Extra Layer of Protection
Despite Google’s attempts to harden native Android security measures, new and successful malware strains surface all the time. That’s why it’s more important than ever to use a reliable Android anti-malware app.
They will add an extra layer of protection and significantly raise the bar against the infiltration of perpetrating malware code. Not all mainstream Android security solutions are worth their salt, however, so it makes sense to separate the wheat from the chaff.
AVL by Antiy Labs is a relatively new app that delivers top-notch protection for Android devices. While it cannot boast a background as solid as that of big players in the niche like Bitdefender or Avast, independent lab scores speak volumes about AVL’s efficiency.
According to the latest evaluation by German AV-TEST Institute, AVL detected 100% of Android malware in real time and 100% of samples discovered in the past four weeks. The industry averages for the above benchmarks are 95.7% and 98.4%, respectively.
AVL can detect malicious entities in multiple formats, including APK, DEX, ELF, PE, and EPOC. Users can optionally enable the App-Only Scan feature to scan executables only. Furthermore, AVL can be customized to balance scan speed and detection capability.
2) Security Master
Another comparatively new applet called Security Master by Cheetah Mobile protects Android devices with its intelligent diagnosis modules. Its most recent 4.2 edition boasts immaculate AV-TEST scores for real-time protection. Security Master is also equipped with privacy protection and smartphone optimization extras such as App Lock, Privacy Cleaner, Wi-Fi Security, Power Boost, Junk Clean and CPU Cooler.
3) Alibaba Mobile Security and AhnLab V3 Mobile Security
Other noteworthy new players on the Android security arena include Alibaba Mobile Security and AhnLab V3 Mobile Security. Alibaba automatically scans installed apps, new apps and memory card content and detects even uncatalogued perpetuating code with a 99.3% success rate.
Alibaba is free and doesn’t display any ads. Its protection score isn’t the highest, but it’s still well above the industry average.
AhnLab V3 Mobile Security is another promising Android security app. It scans applications before and after installation in search of suspicious behavior.
V3 also protects user privacy and raises red flags on phishing websites, spam and data leakage. To its credit, the tool is CPU-friendly and uses only a small amount of battery power. However, on the negative side, V3 lacks an anti-theft functionality.
Anti-Malware Solutions from Other Companies Now Dominate the Industry
There are quite a few Android anti-malware apps on the market. However, things are changing rapidly.
Mobile security apps made by leading desktop antivirus vendors – such as Avast, Bitdefender and ESET – used to top the ratings. Now, these applets aren’t making it higher than fifth in most ratings.
These days, software solutions crafted by publishers with far less of a track record dominate the industry in terms of effectiveness. Perhaps the key to the success of these game-changing vendors is that they specialize only in Android security.
Google Play Protect, a new security system aimed at detecting malicious apps uploaded to the official Play Store and malicious apps residing on users’ devices, didn’t turn out to be as effective as anticipated. Google Play Protect actually flunked its first real-world test. According to September’s evaluation by AV-TEST lab, Google Play Protect detected only 65.8% of zero-day Android malware and 79.2% of existing infections.
It’s certainly good to know Google is working on Android security enhancements. But using a dependable mobile security solution in addition to these defenses continues to be the rule of thumb.
Get started on your cybersecurity degree at American Military University.
About the Author
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com website, which presents expert opinions on information security matters, social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.