US professor slams ‘dangerous’ failures in Android malware vetting

Vast bulk of malevolent programs not detected by new Google procedures

Research by a US professor has revealed that an astonishing 85 per cent of malware fails to be discovered by Google’s new app verification service.
Though Google’s Bouncer service scans for viruses and malevolent programs in featured Play Store apps, users often opt to “sideload” applications so bypassing any protection. To overcome this Google recently introduced its application verification service in Android 4.2, letting users send information about any app back to the search giant to check if it is safe.
But now research by Professor Xuxian Jiang at North Carolina State University suggests Android 4.2′s latest built-in app checker is failing, missing the bulk of known malware.
He tested the Google service against 1260 samples of known, malicious apps and found that only 193 of them were identified as dangerous — a detection rate of a mere 15.32 per cent.
The samples were collated as part of the university’s Android Malware Genome Project, an initiative undertaken by Jiang to characterise malevolent Android programs for use by the IT security industry and device markers. With the exception of a few manufacturers such as Nokia, Samsung and T-Mobile, so far most of the data has been requested only by fellow university researchers and security firms.
Meanwhile Jiang has criticised Google’s latest attempts to verify apps through its 4.2 OS, saying that while it was a step in the right direction its poor detection rate was “potentially dangerous”.
Googe has yet to comment on the research.

About Dave Evans

Dave Evans is a long established commentator on both the IT and cellular industries. His current focus is on share price trends within the sector. You can email him here
This article was published in Samsung, android, google, mobile news, mobile security, nokia, qualcomm and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>