Android 4.2 Security Hole: Only 15% of Malware Detected
Android 4.2 is off to a pretty bad start. Last month we covered Google’s holiday faux pas in omitting the month of December from the People app inside Android 4.2, and now it seems researchers have discovered another shortcoming. Unlike the cosmetic problem of a missing month in a contacts app, researchers have found significant security problems inside Android 4.2 (Jelly Bean).
Poor app verification
According to Xuxian Jiang, an associate Computer Science professor at NC State University, Google’s app verification service was so poor at detecting malware that only 15.32% of malicious apps were detected. Put another way, over 84.68% of malicious apps would get through Google’s present filters. A total of 1,260 samples were taken from a pool of 49 different malware families. The samples were installed on Google’s Nexus 10 tablets, all running Android 4.2, but by the time the test was done, only 193 of the malicious samples had been detected.
To corroborate his findings, Jiang and his researchers ran a random sampling of the malware through standalone anti-virus programs (AVG, Avast, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky, and Kingsoft). Unsurprisingly, the majority of the AVs performed well and there was a 50 – 100% detection rate among the malware sampled.
Android 4.2 dropping the ball big time
The study conducted by Jiang and his team has no doubt highlighted a flaw in the detection process, but an even greater concern is the fact that the new malware verification system is optional in terms of how it executes blockage of bad apps. When Android 4.2 does detect malware it offers one of two choices: 1) A warning that tells the user of the danger of installing the app and 2) A prompt telling the user that the app has been blocked from being installed. The second system of course is better and doesn’t give the user the option of installing the malicious software; however, this is the system that Jiang and his team are claiming doesn’t work very well.
Of course you could argue that users have a responsibility to protect themselves and so judicious scanning of apps should be undertaken anyway. But that argument would miss the obvious point that much of Google’s app installation process takes place outside the present remit of app verification, a process which is not found on earlier versions of Android.
Some people have argued that Google seems to be rushing updates in an effort to keep up with Apple. A litany of bugs and failed inclusion of features adds some credence to this argument and Google needs to fix many of the ongoing problems facing Android 4.2. Whilst many users may forgive the search giant for omitting Christmas from an app, having their personal details stolen may not go over well. What is clear is that both Apple and Google are rushing things because iOS 6 had massive problems at the time of its release also. The difference between the two is that Google releases devices that are becoming more and more exclusive to Android 4.2 (think Nexus 10) and so not fixing the bugs and security issues could affect sales.
Have you upgraded to Android 4.2? Share your thoughts with us on the bugs and security holes using the comments below.