All Sections

Android Jelly Bean malware blocker doesn’t stop much, study shows

‘Use Android at your own risk’ is the message from North Carolina University following tests they performed on Android 4.2 Jelly Bean’s new anti-malware capabilities.

As stated on the The Register, according to associate professor Xuxian Jiang at NCU, the latest iteration of Android Jelly Bean features an inbuilt malware checker which in his tests, performed extremely poorly. In a sample size of 1260 malicious apps taken from the university’s Android Malware Genome Project, 4.2 Jelly Bean was only able to identify 193 of them as dangerous or potentially dangerous, which equates to just 15.3%.

On the bright side, Mr Jiang pointed out that at least Google have decided to integrate these new security measures into the OS at all, with previous iterations of Android featuring no such protection and instead leaving it up to third-party apps and developers to provide suitable solutions.

Malware

Malware has the potential to allow a hacker access to a users device, including contacts, billing information, account details and more. Even the worst performing of ten third-party alternative anti-malware services tested was able to prevent at least 50% of malicious apps from slipping through the net, highlighting just how weak Android 4.2’s current feature is.

The shortcomings of the native anti-malware technology are rooted in its lack of depth when checking potentially dangerous app. Jelly Bean requires only a few points of identification to pass through the filter, whilst alternatives operate under far more stringent filtration rules. Again, Mr Jiang reported that, “Specifically, our study indicates that the app verification service mainly uses an app’s SHA1 value and the package name to determine whether it is dangerous or potentially dangerous. This mechanism is fragile and can be easily bypassed.

So tread carefully when allowing unknown sources onto your device, particularly if the app name isn’t an already popular, well known service. Google had purchased a file-scanning security service in September called VirusTotal, however their programs and algorithms haven’t yet been assimilated into the stock Android OS, despite the fact that their standalone application is far better than that which is currently in use.

Comments