Android has been one of the most sought after systems by hackers in the world. Malware seems just drawn to it because of its huge user base.
The catch is one of the strengths in Android 4.2 was its new app verification service that tested applications installed against a Google service in the cloud to see whether the app contain malware or not.
After a bit of research, it appears Google failed in its attempt to secure apps against malware as 15 percent of the known malware samples tested on the service ended up detected, said Xuxian Jiang, a researcher from North Carolina State University.
The associate professor at NC State took Nexus 10 tablets running Android 4.2 and, using semi-automated installations, loaded 1260 malware samples from the Android Malware Genome Project onto the devices.
Of the 1260 samples just 193 ended up detected as malware. The researcher also performed a test comparing Google’s verification against a range of ten different existing antivirus applications through VirusTotal, looking at randomly selected malware samples from each malware family. The antivirus applications run by VirusTotal ranged in efficacy from 100 percent to 51 percent, but the Android App verification system scored only 20.4 percent. Google acquired VirusTotal in September.
The researcher said the app verification service uses a fragile mechanism of verifying SHA1 values from the app and package name to determine whether a package is dangerous or potentially dangerous. Jiang believes they need to collect more information to give a more robust system, but he cannot say what information should be or how it should square with user privacy concerns.
He also said the verification system relies on the server component, leaving the client-side of the system completely without detection capabilities. He added those abilities would be a delicate balance for mobile devices. The researcher is more hopeful the potential integration of the Google-owned VirusTotal service with the app verification service could provide much better detection results.