The latest research about Android security has yielded some startling results. The source of that security issue may well come as a surprise: antivirus apps that are designed to protect devices and users. Researchers at Testing Experts Complex found that more than 28 million installers were offering attack opportunities and opportunities to actors trying to exploit vulnerabilities on the Android platform.
Overall, Compartec has added 21 different Android antivirus applications for testing during several weeks. Some 47% of them failed in one way or another. The three apps had serious security flaws, including a significant vulnerability to exposing users’ address books, nudging details of an estimated million contacts. Another vulnerability has made an attacker an “easy remotely disabled application” by an attacker.
And before we even mentioned apps that were unable to detect viruses used during the testing process, or almost all of them were found to track their users according to Compact Researchers.
“Compitech spent weeks testing popular free Android antivirus apps,” said Aaron Phillips, a researcher at Componitech. “We look at how each vendor handles privacy, security and advertising.”
How Android Phone Risks?
Khalid Sarkar, a comparative senior security researcher, took responsibility for testing for every application, its effectiveness, web management dashboard and any back-end services. The application was also screened for dangerous permissions and trackers embedded within them.
The conclusion was that at least in many cases, the user is not getting what the app promised in its play store details. While 47% of applications failed in some way the testing system, the three apps were notified of serious security flaws.
Kompertech reports that it “found the wrong web services wrong,” affecting Vipra Mobile, Eglisab and Bulgard, which “could endanger user privacy and security.”
On August 1, before the report became public, vendors were notified and worked with comparative tech to patch up vulnerabilities. “We can confirm that all the weaknesses were cured,” comparisonTek said.
How do Android antivirus applications fail?
The researchers also used a Maytas-split payload that attempts to open the reverse shell on Android phones without much effort. “Every Android antivirus should be able to detect and prevent the application,” Compartec emphasized.
However, according to the research report, none of the following mobile antivirus apps was able to detect this “dangerous test virus:”
Agislab Antivirus Free, Anti-AVL Pro Antivirus and Security, Brainiac Antivirus System, Photoable Super Cleaner, Malwarefox Anti-Malware, NQ Mobile Security and Antivirus Free, Tap Technology Antivirus Mobile and Zamana Antivirus and Security.
What about privacy concerns?
Comparability discovered “dangerous permissions and ad trackers” to address privacy concerns with the security app. Of course, Google ensures that these permissions “affect user’s privacy or general operation of the device”
Comptech integrated the “dfndr protection: antivirus, anti-hacking and cleaner” app from PSafe as the worst offender. The report says, “The effective number of ad trackers associated with the app is impressive,” continues, as far as we can tell, dfndr inspires users with search and browser habits for sale in every advertisement . ”
“We never sold a single byte of users’ data to anyone. Period.” In response to the Compactech findings, Marco DeMello, CEO of PSF Inc., which makes DF&R, says, “We do not collect any personally identifiable information (PII) and all other data, again, locally for security purposes Are and are never sold. Anyone. “DeMello states that ad software development kits (SKDs) using dfndr from Google, Facebook, Mopub apply and” any In Risthiti we ever do not share user data with the SDK. “We will never have any data or it will not sell.”
As far as “dangerous permissions and ad trackers” say the Compitech report says they are concerned, DeMalo says dfndr only wants permission for anti-theft facilities for terrain, cameras, IMEI, etc. Is – 100% opt-in, and allows users to remotely wipe their phone. “DeMello says that only the owner can do this, not PSEF, this facility allows users to obtain data and pictures of intruders if their phone is lost or stolen.” Only users who are anti- Activating the theft feature, they provide our DAF&R app with these permissions, “DeMello insists,” and for the same purpose.
See more at www.androidawareness.com