
47% of free antivirus apps for Android failed a test

One of the main problems with enterprise mobile BYOD efforts is that corporate apps, and lots of corporate data, including sensitive intellectual property, start to coexist on the same device with all the stuff employees download for personal use. This isn’t ideal, but it is even worse if employees choose to download a second antivirus program. When two apps do the same job (for example two VPNs, two word processors or two email programs), they can conflict; two antivirus programs may fight each other, and we can get false positives and unexpected results.

Running two antivirus apps not only works poorly, it also weakens the security of the smart device. There are only a few free antivirus apps for Android, and those are the ones employees choose to download. If the company has already installed a high-level antivirus on the Android device, why would the employee pay to install a second one? The free versions are much more tempting in most scenarios.

I’ve found a report from Comparitech, and it’s alarming. The report found that some free antivirus apps contain adware and violate the user’s privacy in many ways. They’re not good at detecting viruses, even the most common ones. Truly, the report is so alarming that of the 21 free antivirus apps they tested, 47% failed to detect viruses on Android devices. You can find the test by clicking here.

“We found serious security flaws in three of the apps we tested and found seven apps that couldn’t detect a test virus. In total, 47% of the vendors we tested failed in some way,” Comparitech said in a blog post.

Seven free Android antivirus apps couldn’t detect the presence of a known virus. “The Metasploit payload we used attempts to open a reverse shell on the device without obfuscation. It was built for exactly this sort of testing. Every Android antivirus app should be able to detect and stop the attempt,” said Comparitech in the blog post. According to Comparitech, these are the apps that couldn’t detect the malware: Antiy AVL Pro Antivirus & Security, Tap Technology Antivirus Mobile, Brainiacs Antivirus System, Fotoable Super Cleaner, MalwareFox Anti-Malware, AEGISLAB Antivirus Free, NQ Mobile Security & Antivirus Free, and Zemana Antivirus & Security.

A lead researcher with Comparitech, Paul Bischoff, said this: “People are enticed by free.”

So, how do these apps make money? They generate revenue through a combination of adware and selling sensitive user information to third parties. This raises privacy concerns, Bischoff said.

The blog includes this alarming statement: “In our analysis, dfndr security was far and away the worst offender. The sheer number of advertising trackers bundled with the app is impressive. As far as we can tell, dfndr puts users’ search and browser habits up for sale on every ad exchange there is.” “Dfndr also requests permission to access fine location data, access the camera, read and write contacts, look through the address book, and grab the IMEI (unique ID) and phone number of the device.” It is like allowing someone to track everything about your digital life. And the sad part is that this information is sold online.
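One way to vet an app for the permissions the quote lists before allowing it on a managed or BYOD phone, as an added example that is not Comparitech’s tooling. It assumes the app’s manifest has already been decoded to plain XML; the package name and the sample manifest are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Android permission names for the data categories named in the quote.
# READ_PHONE_STATE gates the phone number and, on older Android releases, the IMEI.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "fine location",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CONTACTS": "read contacts / address book",
    "android.permission.WRITE_CONTACTS": "write contacts",
    "android.permission.READ_PHONE_STATE": "IMEI / phone number",
}

# Constructed sample: decoded manifest of a hypothetical app, not a real APK.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freeav">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Free AV"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Collect every permission the manifest declares, across both tags."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(f"{{{ANDROID_NS}}}name")
            if name:
                names.add(name)
    return names


def audit(manifest_xml):
    """Split declared permissions into flagged (sensitive) and the rest."""
    requested = requested_permissions(manifest_xml)
    flagged = {p: SENSITIVE[p] for p in sorted(requested) if p in SENSITIVE}
    return flagged, sorted(requested - set(SENSITIVE))


if __name__ == "__main__":
    flagged, other = audit(SAMPLE_MANIFEST)
    for permission, reason in flagged.items():
        print(f"REVIEW {permission}: {reason}")
    print("other:", other)
```

An antivirus app can have a legitimate reason for some of these permissions, so a flagged entry is a prompt to review the app, not a verdict.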

Comparitech raises another privacy concern, this one about the VIPRE antivirus. The sad part is that if you go to www.vipre.com or search for it on Google, the first search result carries this title: The Best Antivirus Protection For Home & Business | VIPRE. But based on the test Comparitech ran, the blog post has the following comment about it: “Using the online dashboard, we discovered it was possible for attackers to access the address books of VIPRE Mobile users with cloud sync enabled. Based on our proof-of-concept and the popularity of the app, we estimate more than a million contacts were sitting on the web unsecured. The flaw was caused by broken or poorly implemented access control, which manifests as an insecure direct object reference (IDOR) vulnerability in VIPRE Mobile’s backend. The script responsible only checked to make sure the attacker was logged in. No further checking was done to ensure the request was being performed by the proper device or account.”

Another antivirus that fared badly in this test was BullGuard. They said that they worked with them to “fix the hole they found”.

“BullGuard Mobile Security was affected by an IDOR vulnerability, which allowed a remote attacker to disable antivirus protection. We found it would be trivial for an attacker to iterate through customer IDs and disable BullGuard on every device. Our testing found the request generated when a user shuts off antivirus protection can be captured and altered. By changing the user ID in this request, antivirus protection on any device can be disabled. Access control did not appear to be in place to ensure the correct user was making the request. We discovered one of the scripts responsible for processing new users on the BullGuard website is also vulnerable to XSS. The script in question doesn’t sanitize any parameters passed to it, which enables an attacker to run malicious code. In this case, it was trivial to display an alert on the page. In other cases, adversaries might use this vulnerability to hijack sessions, harvest personal data, or carry out several attacks. For example, high trust websites like BullGuard make an ideal platform for phishing campaigns.” That is what we read on the Comparitech public blog.

Comparitech commented that the BullGuard hole was impressively bad. “The IDOR vulnerability is as embarrassing as it gets for an antivirus vendor. Users rely on antivirus software as a line of defense for their devices, so when it can be disabled silently and remotely, that’s a devastating blow. BullGuard repaired both vulnerabilities, now they need to work on repairing their reputation with users.”
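The missing check that both IDOR findings above describe (VIPRE’s contact sync and BullGuard’s disable request), shown beside its fix as an added example that is not code from either vendor or from Comparitech. The session, account and device identifiers and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed data: device ownership, live sessions, protection state.
DEVICE_OWNER = {"dev-1001": "alice", "dev-1002": "bob", "dev-1003": "carol"}
SESSIONS = {"sess-a": "alice", "sess-b": "bob"}
PROTECTION = {device: True for device in DEVICE_OWNER}
DENIED = defaultdict(set)  # session -> device IDs it was refused on


def disable_vulnerable(session_id, device_id):
    """Flawed pattern from the report: being logged in is the only check."""
    if session_id not in SESSIONS:
        return 401
    if device_id not in PROTECTION:
        return 404
    PROTECTION[device_id] = False  # acts on whatever ID the request carries
    return 200


def disable_checked(session_id, device_id):
    """Hardened: the device must belong to the authenticated account."""
    account = SESSIONS.get(session_id)
    if account is None:
        return 401
    if DEVICE_OWNER.get(device_id) != account:
        DENIED[session_id].add(device_id)  # keep evidence for detection
        return 404  # same answer for "does not exist" and "not yours"
    PROTECTION[device_id] = False
    return 200


def enumeration_suspects(threshold=2):
    """Sessions refused on several distinct IDs look like ID iteration."""
    return sorted(s for s, ids in DENIED.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print(disable_vulnerable("sess-a", "dev-1002"))  # alice turns off bob's AV
    PROTECTION["dev-1002"] = True
    print(disable_checked("sess-a", "dev-1002"), PROTECTION["dev-1002"])
    print(disable_checked("sess-a", "dev-1003"), enumeration_suspects())
```

The ownership comparison is the whole fix; recording the refusals also gives the operations team a signal when one session walks through IDs it does not own.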

Bischoff said the research results weren’t all bad, stating that almost all vendors worked well with their antiviruses. When asked which free antivirus apps for Android are the best, he said that “MalwareBytes and Komono are good”.

Enterprise IT should pay attention to this report because it points to an issue that could lead to a breach of enterprise information. We know that most small businesses and enterprise IT departments don’t budget for a high-level antivirus for corporate and BYOD phones. In light of this comparison report, IT departments should look for a way to install only high-level antivirus apps on Android devices, both corporate-owned phones and those in the BYOD program.

Richard Sabino (http://itspecialistdr.com)
I like to share Information Technology News and how-to tips with all the people around me. I created this blog to reach the most people I can.
