Google's Android malware scanner pitifully bad, only detects 15.32% of samples

With the release of Android 4.2, Google started including a malware scanner that was designed to warn users if an app tested to be a possible malware app. A computer scientist at North Carolina State University decided to put the scanner to the test and found some interesting results.

Xuxian Jiang found that just 15.32 percent of samples were detected as malware. Jiang used a new Nexus 10 tablet and exposed it to 1,260 different malicious apps. Sadly, the built-in detection system detected just 193. He then pitted the Google system against anti-virus apps from the big names: Avast, Symantec, and Kaspersky .

He found that the third-party apps detected 51 percent to 100 percent of samples picked from the 49 malware families. Google's service found just 20 percent of the same samples. He notes that Google's method of detection can be easily bypassed. Google uses a cryptographic has signature of the app to identify those that have been found to be malicious. .

"This mechanism is fragile and can be easily bypassed," Jiang wrote. "It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it). To be more effective, additional information about the app may need to be collected. However, how to determine the extra information for collection is still largely unknown-especially given user privacy concerns."