Facepalm: In a survey of 250 Android so called. Antivirus applications, only 80 were found to block more than 30% of malicious software samples. Some of the tested applications did not have any antivirus functionality at all.
AV-Comparatives is an industrial research group that evaluates antivirus programs for their effectiveness. Recently they launched a study of Android antivirus products from the Google Play Store and the results were quite surprising. They tested each application with 2,000 most common threats and recorded malicious Android applications that were caught and missed. The tests were automated, but they worked on real phones, not emulators.
The test was designed to be simple and as a result, most real antivirus applications revealed 100% of the samples. Altogether there were about 50 applications that had reached over 90%.
As a control, they also tested clean applications to see if antivirus applications actually scan the phone. What they found was that many alleged antivirus applications simply marked each other application on the user's phone as suspicious, unless it was on the list of allowed apps.
Some applications displayed a progress bar during "scanning", but this was only based on a predefined delay for many files on your phone. Some applications even recognized themselves as risky because developers forgot to add their name to the list of allowed apps in the app.
There was also an unbridled plagiarism among less legitimate applications. Many just used an antivirus engine from other reputable applications, despite the fact that they still billed their application. Some applications even went to copying the legitimate application interface as shown below.
Sometimes it can be difficult to determine which applications are real, because blurred developers can buy comments and ratings.
The frequency of the update or download number is not the best indicator. AV-Comparatives recommends keeping known brands because even a diluted free version of a real application is better than any scam.
Among the recognizable names that have passed well are Avast, AVG, Avira, BitDefender, BullGuard, Emsisoft, ESET, F-Secure, Kaspersky Lab, McAfee, Sophos, STOPzilla, Simantec, Tencent, Trend Micro, VIPRE, Lookout, Malvarebites, CheckPoint, Vebroot and Zemana. See the report for the whole list.
We are also surprised by the amount of false "security" software distributed on Google Play without any intervention from the platform. We also have to assume that the owners of AV applications that work, whose works are written off by others, tried at some point to correct this wrong, but application stores are really really hard to work, hence a large number of useless applications are waiting to be discovered. Google eventually removes most of them, but not before thousands of users download them.