Android 4.2 May Have Its Own Malware Scanner, But Research Shows You Shouldn’t Rely On It

Android’s built-in malware scanner can’t be completely trusted just yet.

With its Android 4.2 Jelly Bean upgrade, Google provided its users with extra protection by introducing an extended malware scanner that’s designed to prevent malicious applications from making their way onto your smartphone or tablet. Not only does it scan the apps you download from Google Play, but also those you acquire from third-party sources, such as Amazon’s Appstore.

It gives Android users peace of mind. The only problem is, new research has proven that the feature is largely worthless. When Google’s malware scanner was put through its paces, it was able to detect just 15.32% of malicious apps.

North Carolina State University computer science professor Xuxian Jiang, who has tested the malware scanner with 1,260 samples, calls Google’s feature “still nascent.”

“Overall, among these 1,260 samples, 193 of them can be detected,” Jiang wrote in his research report. “There exists room for improvement.”

Jiang does praise Android malware scanner in his report, highlighting its ability to scan side-loaded apps obtained from third-party sources. It’s “an exciting security feature,” Jiang said, before complimenting Google for taking “measures to better protect Android users.”

However, Jiang is concerned that the feature will give Android users a false sense of security, and lead them to believe that third-party security services are no longer necessary.

“Because of the introduction of this service, people may start to wonder, ‘Are third-party security apps still necessary with Android 4.2?'” wrote Jiang. “Yes.”

In a second set of tests, Jiang tested Google’s system against third-party antivirus engines, including those from Avast, AVG, TrendMicro, and Symantec: “Overall, the detection rates of these representative anti-virus engines range from 51.02 percent to 100 percent.”

Android 4.2’s security feature clearly needs a lot of improvement, then, but Jiang notes that Google may have something up its sleeve. The company recently acquired security firm VirusTotal, but as yet, it is yet to integrate its technology into Android.

“We noticed that VirusTotal (owned by Google) has not been integrated yet into this app verification service,” Jiang said.

“From our measurement results, VirusTotal performs much better than this standalone service. We expect such integration in the future will be helpful.”

While Android’s malware scanner may be a big step in the right direction, it’s too early to trust it completely to keep your smartphone or tablet free from malware. You’ll still want to rely on a third-party service while Google irons out the kinks.