Only 15.32 percent of apps containing malware were detected by Google’s recently announced on-device app verification service, which is designed to protect users from potentially harmful titles, according to a survey from North Carolina State University.
According to the report: “By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android.
However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement.”
Xuxian Jiang, associate professor in the department of Computer Science at the university, used 1260 samples belonging to 49 malware families installed on Nexus 10 tablets running Android 4.2 – the latest release of the platform.
The study noted that the app verification “mainly uses an app’s SHA1 value and the package name to determine whether it is dangerous or potentially dangerous”. This method was described as “fragile”, and can easily be bypassed.
In order to be more effective, additional information about the app may need to be collected. However, “how to determine the extra information for collection is still largely unknown – especially given user privacy concerns”.
It was also noted that the service relies on the cloud server component to determine if an app is malicious or not, but that “unfortunately, it is not realistic to assume that the server side has all existing malware samples”.
While this could be mitigated by providing detection capabilities on the smartphone or tablet, “due to the limited processing and communication power on mobile devices, we need to strike a delicate balance on how much detection capability can and should be offloaded”.