We have long heard about the apparent malware issues that plague Android with predictions that a million devices that might be infected by the end of the year. These trends are typically reinforced by questionable reports such as the one by F-Trend where the definition of malware is skewed as part of a fear campaign to lure users to using their products. The actual definition of malware can be made broad, so broad that Avast! an extremely popular antivirus software on both PCs and mobile devices has rolled up a system update that appears to be a bit overly eager when it comes to branding apps as ‘malware’.
In the latest update Avast! now labels apps including Gmail, PayPal, Google Current, LinkedIn, Redbox, Amazon and WhatsApp as malware. Needless to say any experience user would realize these applications aren’t malware, but they do ask for some permissions which are shared by some apps that are malware. It’s this issue that leads to the skewing of statistics on applications that are malware because a lot of applications do require extensive permissions to work properly, which is an advantage of the Android ecosystem because applications can sync better with the inner workings of the phone, while some applications have struggled to be integrated properly with other devices, for example for iOS the functionality of the Pebble Smartwatch is limited because the access to certain functions are restricted by iOS. However as evident in Avast!, it can lead to false positives inflating the malware threat for Android.
There is some good news of the horizon though, Avast! has acknowledged with the issue on their support forum and is promising a fix soon. As representative from Avast has stated:
it seems that this false positive detection somehow got through our systems to everyone. I’m sorry for that. Don’t worry though, there should be a virus definitions update soon that will remove this detection. I’m going to reroute all topics to this one and lock them so everyone knows what’s happening. I’ll post here when the update is out so everyone can do a manual update of their definitions to fix this (or you can, of course, wait for the automatic update to happen, but manual will most probably be faster in this case).
If given the choice though, would you rather have a piece of software that gives false positives or false negatives? There is a saying better safe than sorry, however in the case of mobile malware the issue can be easily avoided if you stick to legitimate sites you can completely avoid the issue of malware, which is probably the safest option of all.