Study: Mobile Antivirus Apps Fail the Spyware Test

Against nine apps that offer spyware-like features, no vendor detected more than six of the nine, with the lowest-ranking only detecting a third of the threats.


In a study published today on Techlicious, antivirus solutions from 12 major security vendors were shown to perform poorly against widely available spyware threats. Against nine apps that offer spyware-like features, no vendor detected more than six of the nine, with the lowest-ranking only detecting a third of the threats.

At the top of the list were Avast Mobile Security, Norton Mobile Security, Trend Micro Mobile Security, and TrustGo Security, while ESET Mobile Security and NQ Mobile took the bottom rung. The detailed scores for all 12 vendors are available on Techlicious.

A significant and growing threat

These results are particularly disturbing in light of the frequency of spyware infections among U.S. smartphone owners, the highly intrusive nature of the threat and the impact spyware can have on its victims.

According to security company Lookout, 0.24% of Android phones they scanned in the U.S. had surveillance-ware installed that was intended to target a specific individual, while Sophos reported a similar 0.2% infection rate. Extrapolating these numbers out to Android users in general would imply tens of thousands are infected by spyware. And this isn’t just an Android issue: iOS and BlackBerry devices can be easily infected as well.

The perpetrator may be someone you know

Spyware is also far more dangerous than most other malware, both for the data it collects and the nature of the attacker. The apps we reviewed could capture almost every aspect of what we do on our devices, including recording of calls, remote camera image capture, downloading of SMS messages, downloading of photos and videos, downloading of contacts, remote microphone activation, and tracking websites visited – all while hiding themselves in the background to avoid detection. And since these apps require physical access to your phone to be installed, the attacker is likely a spouse, significant other or employer.

For victims, the power this access provides to an abusive or controlling spouse or vindictive employer can have a devastating impact on their lives. (Read the comments from readers in our March 2012 story on mobile spyware to get a picture of what these victims are going through).

Why do security apps fail to stop the malware?

In speaking to security vendors about the results, we uncovered two flaws that contributed to the poor results. First, there seems to be a strong bias by security vendors (especially those based outside the U.S.) towards focusing on apps that are available through foreign app markets, where many of the newest malware risks originate, though very few U.S.-based smartphone owners are likely to ever visit one of these markets.

Second, since these apps could have (legally) valid uses, such as parental tracking, employee monitoring or tracking down a phone thief, many are classified by security vendors as “Potentially Unwanted Apps” (PUA) and not included in the threat databases, regardless of how dangerous the app could be in the wrong hands. The presumption of valid use is a major pitfall to proper detection of threats. And for those potential spyware apps that reside on Google Play, vendors are too willing to outsource threat determination to Google, as our detailed test results clearly showed. Security vendors should be identifying these PUAs during scans as potential malware so users can make their own determination about whether the app is wanted or not.

Click here to learn more about our testing methodology, why independent testing labs are not evaluating spyware detection and our recommendations for how smartphone owners can protect themselves from the spyware threat.

This guest article was written by Josh Kirschner of TIME Tech syndication partner Techlicious.

3 comments
SteveMobi

Josh, could you please qualify "And this isn’t just an Android issue: iOS and BlackBerry devices can be easily infected as well."?  The Android threats came from Android app stores (possibly non-Google Play app stores).  Where are the iOS and BB threats coming from, what are they and how did they get on the phone?  You mention that you didn't root the Android phones, just allowed content from additional sources (something most people should avoid in the first place).

JoshKirschner

@SteveMobi  Realizing that I'm getting back to this after a long delay, but better late than never....

The Android threats come from both the official Google Play market and third party providers. You are correct that more people shouldn't allow third party content, but that issue is moot in this context because this spyware requires someone with physical access to your device to install, so that person could easily change your third-party setting if needed (and then set it back so you didn't know the difference).


For iOS and BB, the spyware came from third-party sources, many of whom make spyware to cover each operating system (BB, iOS, Android, and even Symbian). Which actually made my testing much easier - many of the app providers were a one-stop shop. I could track my Android phone and my daughter's iPhone in the same control panel. The BB and iOS versions also require physical access to the phone and, in the case of iOS, require the iPhone to be jailbroken. Version 6.1.3 and later of iOS appear not to have commercially available spyware yet (at least that I've come across).