Great, dangerous or risky: Testing Android virus scanner

27. March, 2019

The good news is that awareness of the vulnerability of mobile operating systems has grown in recent years. The bad news is that the market share of security apps that do more harm than good has grown as well.

The independent testing institute AV-Comparatives in its 2019 Android test found that 170 out of 250 tested Android security apps that were available on Google Play at the time of testing were unsuitable. Only 80 apps achieved a detection rate of more than 30 % without producing false alarms. IKARUS ranks among the leaders with a detection rate of 99.8%.

Security apps only from security specialists

The recognition methods were examined in addition to the recognition rate, which is above 99% only in 36 of the 250 tested apps. Some of the alleged virus scanners only simulated their scanning performance. The “detection” of clean or potentially harmful apps, for example, was done by whitelisting the package names: Known and popular applications are classified as harmless based on their typical naming – a tactic that can quickly backfire when criminals make use of them. Typical for this approach are many false alarms.

Other apps were “only” badly or unprofessionally programmed and therefore not efficient. Some are recognized as “fake AVs”, Trojans or PUAs (Potentially Unwanted Applications) by professional security apps. Normally, these fake AV apps from Google Play are no threat: “Usually they only display advertisements, but leave users unprotected from real dangers,” says Android malware specialist Sebastian Bachmann and warns: “There are enough other apps outside of Google Play – and the range extends from adware to ransomware.”

Fake AVs: from desktop to smartphone

The method is not new and is sufficiently familiar from the classic operating systems, fake AVs for mobile devices were just the next logical step. With the increasing demand for security apps, they are ever more in the limelight. While the more harmless variants only earn money with unwanted advertisements, there are more dangerous copies that specifically aim at user data.

„Armor for Android”, for example, since 2014 has been displaying a warning message indicating security problems that could only be solved by credit card. A “Deep Scan” could be bought for less than one US dollar (weekly). It enticed the customer into the subscription trap, but also into a deceptively real looking payment route, which at the same time took the credit card information.

Free Security Apps: Quality does not have to be expensive

In order to protect against malicious apps or downloads, security apps need extensive permissions – up to the device administrator and thus the possibility to take control of the device if necessary. Another good reason for taking a closer look at the decision whom you want to grant these rights. Before downloading, check the app providers and their privacy policies. At this point, you can often tell whether it is a hobby developer or a professional security software company. Do not be fooled by download numbers or good ratings – both can be manipulated. Read the (critical) comments for the app and learn about independent product testing of the security solution’s efficiency and detection performance, if applicable. With a harmless test virus, you can also familiarize yourself with the actions and reactions of your app – even if the detection of a test file does not say anything about whether an app will also detect “real” and especially current malware.

With the Android app harmless test virus you are safe – and it is free of charge. Daily database updates, monitoring of all apps and downloads, automatic malware scans, a security checkup of the device as well as technical support directly from the manufacturer guarantee professional protection and fast help in case of danger. The premium features URL Filter, Privacy Control and SIM card protection can be tested free of charge and without obligation.

Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence
SQL Injection
SMTP Smuggling
Cyber-Risiken in der Ferienzeit
Dynamische Cybersicherheit
Harmony Mobile by Check Point
EU Machinery Regulation
Sergejs Harlamovs, Malware-Analyst bei IKARUS

Plugin IdaClu accelerates malware analysis

IdaClu: IKARUS malware analyst Sergejs Harlamovs wins Hex-Rays plugin contest


IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500


Support hotline:
+43 1 58995-400

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download