In a study published today on Techlicious, antivirus solutions from 12 major security vendors were shown to perform poorly against widely available spyware threats. Against nine apps that offer spyware-like features, no vendor detected more than six of the nine, with the lowest-ranking only detecting a third of the threats.
At the top of the list were Avast Mobile Security, Norton Mobile Security, Trend Micro Mobile Security, and TrustGo Security, while ESET Mobile Security and NQ Mobile took the bottom rung. The detailed scores for all 12 vendors are available on Techlicious.
A significant and growing threat
These results are particularly disturbing in light of the frequency of spyware infections among U.S. smartphone owners, the highly intrusive nature of the threat and the impact spyware can have on its victims.
According to security company Lookout, .24% of Android phones they scanned in the U.S. had surveillance-ware installed intended to target a specific individual, while Sophos reported a similar .2% infection rate. Extrapolating these numbers out to Android users in general would imply tens of thousands are infected by spyware. And this isn’t just an Android issue: iOS and BlackBerry devices can be easily infected as well.
The perpetrator may be someone you know
Spyware is also far more dangerous than most other malware, both for the data it collects and the nature of the attacker. The apps we reviewed could capture almost every aspect of what we do on our devices, including recording of calls, remote camera image capture, downloading of SMS messages, downloading of photos and videos, downloading of contacts, remote microphone activation, and tracking websites visited – all while hiding themselves in the background to avoid detection. And since these apps require physical access to your phone to be installed, the attacker is likely a spouse, significant other or employer.
For victims, the power this access provides to an abusive or controlling spouse or vindictive employer can have a devastating impact on their lives. (Read the comments from readers in our March 2012 story on mobile spyware to get a picture of what these victims are going through).
Why do security apps fail to stop the malware?
In speaking to security vendors about the results, we uncovered two flaws that contributed to the poor results. First, there seems to a strong bias by security vendors (especially those based outside the U.S.) towards focusing on apps that are available through foreign app markets, where many of the newest malware risks originate. Though very few U.S.-based smartphone owners are likely to ever visit one of these markets.
Second, since these apps could have (legally) valid uses, such as parental tracking, employee monitoring or tracking down a phone thief, many are classified by security vendors as “Potentially Unwanted Apps” (PUA) and not included in the threat databases, regardless of how dangerous the app could be in the wrong hands. The presumption of valid use is a major pitfall to proper detection of threats. And for those potential spyware apps that reside on Google Play, vendors are too willing to outsource threat determination to Google, as our detailed test results clearly showed. Security vendors should be identifying these PUAs during scans as potential malware so users can make their own determination about whether the app is wanted or not.
Click here to learn more about our testing methodology, why independent testing labs are not evaluating spyware detection and our recommendations for how smartphone owners can protect themselves from the spyware threat.
This guest article was written by Josh Kirschner of TIME Tech syndication partner Techlicious.
Related stories from Techlicious: