Study: Android 4.2 app verification security only detects 15% of malware


An application verification service built into Google's (NASDAQ:GOOG) new Android 4.2 mobile operating system update identifies only 15.32 percent of known malware, according to a study published by Xuxian Jiang, an associate professor of computer science at North Carolina State University.

"With Jelly Bean Android 4.2, devices that have Google Play installed have the option of using Google as an application verifier," Android Engineering Director Michael Morrissey explained in a Google+ post last month. "We will check for potentially harmful applications no matter where you are installing them from. So, if you install applications from unknown sources like the Web or a third-party app store, this free service will provide you with another layer of security."

But Jiang's research--conducted late last month on Android 4.2-based Nexus 10 tablets using a dataset of 1,260 samples (culled from 49 different malware families) widely shared across the research community, including Google--reveals that the Android app verification feature detected potential threats less than 16 percent of time. By comparison, rival antivirus programs identified between 51 percent and 100 percent of the malware samples.

"By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android. However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement," Jiang wrote. "Specifically, our study indicates that the app verification service mainly uses an app's [Secure Hash Algorithm-1] value and the package name to determine whether it is dangerous or potentially dangerous. This mechanism is fragile and can be easily bypassed. It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it). To be more effective, additional information about the app may need to be collected. However, how to determine the extra information for collection is still largely unknown--especially given user privacy concerns."

Security firm F-Secure identified a record-high 51,447 unique samples of Android malware during the third quarter of 2012, up from 5,033 in the previous quarter. "The surge may better be attributed as a natural consequence of the continued high growth in Android smartphone adoption this quarter, particularly in regions such as China and Russia," F-Secure said last month. "In fact, in Q2, China officially surpassed the United States as the largest market for smartphones, with Android handsets accounting [for] 81 percent of that market. These expanding markets have also been notable for the proliferation of less-secure third-party apps markets, which are popular with users for various reasons. This factor may also account for the increasing number of malicious samples seen this quarter."

For more:
- read Jiang's report
- read this Next Web article

Related articles:
Android malware surges to new highs in Q3
Google denies Android malware charges, researchers backtrack
Report: Android malware increased 155 percent year-over-year
Rovio warns against Android malware in fake versions of Angry Birds
Report: Android Market plagued by malware threats
Google unveils 'Bouncer' to scan Android Market for malware