In a bid to boost security of devices running Google’s Android operating system, the company added a feature in the latest version of its OS that is supposed to prevent users from installing apps that contain malware.
The most typical scenario would be a dialog box would inform a user that the app he/she is trying to install is not safe. Google blocks the app, prevents it from being installed on other devices, and if it’s from the Play Store, it would be taken down. This security measure is effective until a professor from North Carolina State University has proven otherwise.
Xuxian Jiang, an associate professor of computer science at North Carolina State University said that Google’s security service is not as accurate as most people would think it is. In fact, it only has a detection rate of 15 percent based on the results of his tests.
Using Google Nexus tablet, Mr. Jiang installed 1,260 samples of malware to see if Google’s security service acts the way the company says it does. The result was shocking as there were 193 malware detected. This led to a conclusion that Android system, even the latest version, is not as secured as everybody believes.
Another security company based in San Francisco allegedly conducted the same tests as with Mr. Jiang’s and the results were consistent. The firm noted that while Google strives to perfect its security services, the one its uses for the Android is still immature and still has a lot of inconsistencies and loopholes that attackers may exploit.
The search titan, however, said that the tests conducted by Mr. Jiang as well as the sample malware he used are the ones used for researches and not actually the kind of malware Android users encounter. They are more focused on detecting malware that its users may encounter every day, a spokesperson added.
“The Google Play application verification service uses real-world data and multiple detection techniques to protect against Android malware,” Google said in a statement. “We go after threats users are most likely to face, rather than just focusing on an AV test set which may not be representative of actual conditions.”
[source: NY Times]