Android Antivirus Apps: Reviewing the Contenders
With all of the recent market related malware scares, I thought this was the best time to review some of the more well-known antivirus apps for Android. When I started this task I had certain expectations, but these apps are quite different from each other. While some have more than others, they each offer their own set of unique features. Of course, they had one thing in common - the antivirus scan. Some performed well against my test files, while others didn't do so well.
For the intents of this article, I am going to try my best to focus on functionality and not the interface. However, if something is so bad that I feel it hinders the performance of the app, then I will most definitely mention it.
Testing Android Antivirus Apps
I used two specific files - EICAR Test Virus and Antivirus TESTFILE - to test against the Antivirus apps. These files are made to emulate a virus, but are not harmful to your system. They simply include one line of code that any antivirus should detect as malicious. Both files are free in the Android Market, install like regular apps, and require NO permissions, so you can rest assured that they're safe to use since they have no access to your phone or the internet. I recommend that everyone test these files out against your current antivirus app to see how it compares to the others.
To verify the integrity of each antivirus application against the test files, I used two methods. First, I had the test files installed on my phone prior to installing the antivirus. This way, the initial scan would be given the opportunity to detect the malicious code. Secondly, I uninstalled each of the files and then reinstalled them, giving the real time scanner and chance to do it's job. I will outline the findings of each AV below.
Lookout Mobile Security
Upon initial launch, Lookout did what I would expect any good antivirus to do - a scan. The scan was quick, taking only about 1 minute to sort through all of my 161 apps. Almost immediately it found both of the test files, prompting input on what to do with them - either remove or ignore. Since they were just test files, I chose the latter. Along the same lines, when I uninstalled/reinstalled the test files, Lookout quickly warned me of their existence.
The notification system with Lookout is pretty basic, allowing only to enable notification all the time or disable them completely. It's worth noting, however, that regardless of which option you choose, the realtime scanner will notify you that any new app has been scanned after installation.
When considering protection of a mobile device, there is more than just the threat of malicious software -- there is also the threat of losing the device or having it stolen. Most of the mobile security apps that I tried included features to locate your lost or stolen device, remotely lock it down, or remotely wipe all data. Lookout Mobile Security was no different. Once signed up for the service -- a quick and easy task -- you are able to activate certain security feature through www.mylookout.com. It allows you to remotely backup or locate your missing device or sound an alarm (even if your phone is on silent), but requires premium service to lock or wipe data.
NetQin Antivirus Free
Since this is the company responsible for some of the the latest malware findings, I had high hopes for this one.
It offers two different types of scans: Cloud Scan, which scans apps only; and Full Scan, which includes all apps and SD card contents. On my test runs, each time that I tried to run the cloud scan I got a "Connection Failed. Please try again later." error message at the end of the scan, so I can't say that I consider this to be reliable. The Full Scan completed successfully, but returned no results. Yes, that means it did not find the test virus files. Even after the removal and reinstallation of the faux viruses, the realtime scanner didn't pick anything up.
Like Lookout, NetQin offers it's own version of location services, albeit in a much less useful version. Called Anti-Lost, you can remotely lock and delete data from your device, but there is no website to interface with. In order to use this services, you have to use SMS commands from another cell phone. Basically, if you're not with someone else when you realize that your phone is gone, this feature is useless.
AVG Antivirus Free
This is, by far, the most feature-rich of the reviewed apps. It offers a lot of user options, with a few included annoyances.
Upon first launch, AVG prompts you to do a full scan, whereas most of the others initiated automatically. It's not like one extra tap is really a difficult task, so we'll let that one slide. It offers scanning options for several categories; including Apps, Settings, Content, and Media. I opted to do a full scan, and it did return that it found malicious software, but didn't specify what or how many. I chose to ignore, and it briefly showed a notifier displaying which app was being ignored. While it did find both of the test virus files, it also detected Wireless Tethering and Superuser as viruses; these being the first and only false positives that I came across.
From what I gathered, the settings scan looks for anything that may be making your system more vulnerable. It detected that I have USB Debugging enabled and prompted to disable it. It also asked me to change the settings that allows sideloading of apps from unknown sources. The one that surprised me the most, however, is that it detected that I have root access and warned me that running my device as an administrator could allow malicious code full access to the system. Assuming that it will "fix" this, I wouldn't recommend this app for rooted users because of the potential (accidental) loss of root. On the other side of that, this feature could be very nice for non-rooted users since some malware actually roots your device in order to take advantage of administrative privileges.
The Content Scan is slightly misleading in name, as it actually scans SMS messages, contacts, and favorites. This scan detected one "fishy message" on my device, but didn't specify what it was so I can't really make an assumption of what constitutes "fishy".
Aside from the scanner, AVG offers an onslaught of other features. While some are good, others seem to be there just for show. A perfect example of the latter is a widget that does nothing aside from display the fact that your device is covered by real time protection. Along those same lines, it also displays a customizable notification on the lock screen that says "Belongs to ... protected by antivirus". I'm not really sure of the reason for this, perhaps it's to ward off potential wrongdoers from stealing your device, because I'm sure that malware apps can't really read the lock screen. The single most annoying thing about the lock screen text is the fact that it takes the place of the alarm time display. I always want to make sure that my alarm is set correctly, so I usually use the lock screen for that. Even after I disabled the text provided by AVG, the alarm time didn't display again until I removed the app.
That aside, there are a few other features worth mentioning. As a sort of odd combination that somehow still makes sense, AVG also includes a task killer. There's not a lot to say about that -- it's just a task killer.
Like the others, it also includes a data backup option, but it goes a lot more in-depth than the others. It backs up SMS, bookmarks, system settings, application settings, call logs, MMS, and contacts. There is also a trial version of App Backup, but I didn't activate this.
AVG also has Remote Management, which attaches to your Google account and uses the FindR service. Like Lookout, it has a web based interface where you can lock, scan, wipe, disable, set device as "lost", or remove apps.
NOTE: I'm not sure what the "remove apps" feature is in Remote Management, I couldn't get it to do anything.
Trend Micro Mobile Security
I originally thought this was a full version of the AV, but after installation I found out that it was only a trial. Since I took the time to install it, I figured I would go ahead and keep it in the review.
Unlike the others, Trend Micro didn't initiate any type of scan, but only showed a basic information screen. Once inside the Anti-Malware menu, you can enable real-time protection and execute a scan. I performed an update before running the first scan, just to make sure that I had the newest version of the virus definitions. The scan ran fairly fast and returned no results, so it did not detect the test files. Even after removing and reinstalling the test viruses, the real time scanner didn't detect them as malicious.
As a unique feature, Trend Micro offers "Web Security" which is basically parental controls and web reputations. In order to use the parental controls you must enable a security password, thus locking the app down. Parental Controls is basically just browser-based content filtering according to the specified level; low, normal, or high. The low level blocks pornographic and violent sites, normal (default) takes that a little further, including any content not suitable for teens or children; and high blocks all sites not suitable for children under 13.
The most useful thing about Trend Micro is probably Call and Message Filtering. You can create a blacklist and choose to reject calls from those numbers or silence the phone. In the same respect, you can create a whitelist and only allow calls from those numbers. There is also an option for "annoying call protection", with the definition of an annoying call being "a call from an unknown number that hangs up within three seconds." Personally, I don't get a lot of "annoying calls", so I don't see this something that I would use very often.
Along those same lines is an option for Message filter, which works almost exactly like Call filtering. The main difference being that when you receive a text message from a blacklisted (or non-whitelisted) number, it can automatically reply with a user-defined message.
Norton Mobile Security (Beta)
On the initial launch, you're greeted with the all familiar ToS with the option to forward "security info" to Symantec. I chose to un-check that box and move forward. A scan, while a bit delayed, did start automatically and gave my system a clean bill of health. Yet again, another so called antivirus has let two test viruses slip right by it. After reinstallation, the real time scanner didn't detect the test files as malicious, either. No surprise there.
The Anti-Theft features are very basic. No online frontend, only the ability to remote locate, lock, and wipe data from a user-defined list of "buddy" phones.
Norton also offers a Call and SMS blocking feature. It's more basic than Trend Micro, but it gets the job done. You set the block list, and then choose whether you want to block calls, texts, or both. Simple and to the point.
Conclusion: Antivirus Apps for Android Choices
After spending some time with these apps, it's clear that the world of mobile antivirus needs some work. At the end of it all, I can really only recommend two of these - either AVG or Lookout. If you like a lot of features and don't mind the few annoying quirks, then AVG is a very solid choice; although I wouldn't recommend it if you're a rooted user since it detects root access as a possible threat. If you prefer a more minimal, lightweight approach, then Lookout is the way to go. For the record, I chose to stay with Lookout on my device.
This is by no means a definitive guide to antivirus apps on Android, but I hope that it has helped you decide which mobile security is right for you.
Have an Android security or antivirus app that you want you want to let me know about? Drop a line in the comments!