Do you need antivirus on Android? We asked an expert

Android has been around for several years now and yet the topic of security continues to be the source of some argument. On the one hand you have the idea that Android is not susceptible to virus threats and, provided you are careful about what you download, there is no real need for antivirus software. On the other, you have reports and statistics claiming that malware is frighteningly common and any Android device without protection is sure to get infected. So where does the truth lie? We’ve asked experts from three prominent companies in mobile security — AV-Test, Avast, and Lookout — to help us figure out just how much danger we’re in.

Updated on 2-12-2015 by Simon Hill: Edited and updated text, added comments from Filip Chytrý at Avast, Adrian Ludwig at Google, Andreas Marx at AV-Test, and some new links and references.

Antivirus is just part of the package

We already took a look at the top security apps on the Android platform and found that they tend to offer a lot more than just antivirus protection. In our security app roundup, we referred to a report by independent security experts, AV-Test, which compared the detection rates of the top Android antivirus apps. AV-Test CEO, Andreas Marx, said that antivirus is important, but a well-rounded security app is better.

“Antivirus is usually only one component of the offered Android protection packages,” said Marx. “So a stand-alone AV is not yet required at all times, but it is a good-to-have feature as part of a bigger package. Such packages often include easy-to-use backup features for user’s data, remote wipe in case the phone gets lost, etc.”

We also spoke to Jan Gahura, Director of Non-Windows products at Avast, and he suggested that the real benefit of Avast! Mobile Security goes beyond the antivirus features. When asked about the biggest risk to Android users, and the main incentive to download a security app, he concurred that viruses aren’t the greatest threat.

“I’d say that the biggest risk is that someone will get access to your device (either you lose your device or it’s stolen),” said Gahura. “That’s why we have focused on the best anti-theft solution currently available on the market. To have a smartphone in your pocket without a remote wipe possibility is a dangerous thing. It’s even more dangerous than losing keys to your house. Of course someone can steal your private data using a fraudulent application, but that’s certainly the harder way. With avast! Mobile Security, you are shielded from both threats.”

Malware, fact or fiction?

So what about malware? Should we be worried? The key thing to remember about malware on Android is that you have to actually install it. Malware writers will use increasingly clever techniques to try and trick you into doing just that.

“If you only install software from trustworthy market places (like Google Play) and do not use your smartphone very often for web surfing or e-mailing, the OS is still pretty safe,” said Andreas Marx, AV-Test. “The majority of problems arise from the installation of ‘cracked’ applications from 3rd party market places which are often bundled with malicious software.”

As malware writers try to earn money for their bad deeds, they continually look for new ways to get their malicious software installed on your devices. The best recommendation is still to think twice before installing untrusted software or clicking on strange-looking links.

“The Google Play store is a relatively open environment,” said Jan Gahura, Avast. “Even after Google introduced its Bouncer (an automatic analysis tool to approve each application which is submitted to the Google Play Store) malicious applications still exist. Here at Avast we know how hard it is to develop such a tool and how easy it is to fool it from a bad guy’s perspective.”

That point of view is echoed by Derek Halliday, Senior Product Manager at Lookout, who had some lengthy remarks on mobile security. In his eyes, Android users are far from safe.

“No OS is completely safe, and protection is a requirement across mobile platforms. No matter where you find a critical mass of people, there will always be some bad guys looking for ways to exploit them. Android has exploded in popularity, attracting a lot of consumers in the last few years, so it’s only natural that it’s targeted.”

“It’s not actually a case of Android being particularly vulnerable – Google has taken some great steps toward protecting people and screens all apps entering Google Play – but the basic programming language is Java, and that’s what makes Android more of a target for the creators of malware. No special hardware is required – code can be written on a standard PC – so unlike iOS which requires a Mac, Android code writing is readily accessible to a lot of people across the world. This lower barrier to development attracts more bad guys.”

“In the last 12 months, there has been an increase in for-profit malware across all OSs. We’ve seen increasingly sophisticated threats emerging – for the first time ever, we witnessed malware writers targeting the mobile Web via compromised or infected websites with the NotCompatible threat.”

Is Google Play a hot bed of malware?

The idea that malware-infected apps are proliferating in Google Play is popular, but is there any statistical evidence to back it? At NetEvents Americas back in 2012, a BT (British Telecom) security expert, Jill Knesek, suggested that up to a third of Android applications carried some form of malware (based on a test of 1,000 apps) and that most devices are compromised. It was widely reported, but not true. ZDNet questioned BT on the subject and it backpedaled, saying that it no longer wishes to talk about the subject. The claims have yet to be supported by any released report.

So is all this talk really just scaremongering designed to panic you into installing antivirus software? Chris DiBona, Open Source Programs Manager at Google, certainly thought so when he released an update tackling the topic on his Google+ account back in November, 2011. In it, he argued that: “Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and iOS. They are charlatans and scammers. IF you work for a company selling virus protection for Android, RIM or iOS, you should be ashamed of yourself.”

He was talking about traditional virus problems of the kind you might see on Windows or Mac computers. Mobile platforms are not at risk in the same way because of the way they were designed. He makes a distinction between ‘viruses’ which spread themselves and bad apps containing malware, which you have to choose to install.

Google’s official position hasn’t changed much in the intervening years, as reported by The Sydney Morning Herald:

“I don’t think 99 per cent plus users even get a benefit from [anti-virus],” claimed Adrian Ludwig, lead engineer for Android security, talking at Google I/O 2014, “There’s certainly no reason that they need to install something in addition to [the security we provide].”

“If I were to be in a line of work where I need that type of protection it would make sense for me to do that. [But] do I think the average user on Android needs to install [anti-virus]? Absolutely not.”

So what is Android malware?

The vast majority of malware on Android is focused on stealing your information, which is obviously a major concern. Perhaps the worst case scenario is malware that sends SMS messages to premium rate numbers. There’s no denying that it’s dangerous but it’s also like a vampire – in that you have to invite it into your home, or onto your phone. It is not spreading by itself and, if you are sensible, you can avoid it without needing antivirus software.

Unfortunately, as we mentioned before, malware writers are employing ever more sophisticated techniques to fool you. There are apps that clone legitimate apps to fool you into downloading them and apps that are malware free when you first install them, but download malware through the update system. Avast discovered three malware apps in Google Play just last week. The most widespread was a game called Durak which had been downloaded more than five million times according to Play Store stats.

Avast has detected over a million pieces of malware targeting mobile devices, according to Malware Analyst Filip Chytrý, but he admits that’s a relatively small threat when compared to the billion plus pieces of PC malware they’ve discovered.

“Smartphones are, however, becoming increasingly more interesting for cybercriminals,” Chytrý suggests, “…because users tend to store so much more of their personal data on them than on their PCs, such as photos, videos, SMS, emails, and banking/shopping apps.”

What are the threats?

“Premium SMS scams are the biggest threat to smartphone users, regardless of OS,” explained Derek Halliday, Lookout. “They’re relatively simple to set-up, and have the potential to pay-off big. But there are constantly new threats evolving, ranging from aggressive ad networks, through to Trojans and new forms of malware. Mobile phones have become our wallet, contact list, communications, and more. You wouldn’t leave your bank account open to everyone, so why take the same chances with your phone when it contains so much information? But at the same time, you shouldn’t be scared of using all the features on your device – Lookout gives people the freedom to enjoy their smartphone to the full.”

We asked Chytrý of Avast whether there’s anything else we should be considering and he told us “One threat that many people seem to be ignoring completely is that of using open Wi-Fi networks without protection. In a survey, we found out that 76% of American smartphone and tablet users are at risk of privacy loss and identity theft via public Wi-Fi networks, as they prefer to join free, public Wi-Fi networks, many of which do not require registration or a password, to avoid data overages or simply for convenience’s sake. Only a mere six percent use a virtual private network (VPN) to protect their mobile devices. Therefore, hackers can easily access the data transferred via open Wi-Fi, including a user’s photos, videos, banking information, emails, chat messages and browsing history. People should take responsibility for their own privacy and start using a VPN solution when connecting to open Wi-Fi networks.”

Is the problem getting worse?

“At the time you first contacted me back in August 2012, we counted around 85,000 known malware samples for the Android platform. In total,” explained Andreas Marx of AV-Test. “As of today (2-14-2015), we’re receiving this amount of samples within just 2 weeks.”

He went on to explain that the vast majority of malicious apps are discovered in Asia, particularly China where there’s no Play Store, and in Russia. He stands by his original advice about avoiding 3rd party sites or alternative sources for your apps, because more than 99 percent of malicious apps were not distributed via Google Play.

When we asked for recommendations Marx mentioned Bitdefender Clueful Privacy Advisor, a free app which provides detailed analysis of Android apps that you can check before you download. Handy, not just for identifying malware, but also for privacy concerns and intrusive advertising. Marx says it’s common for apps to be well-behaved for the first few days, delaying malicious actions to reduce the chance of you spotting the link.

He also mentioned the importance of keeping the Android platform and your apps up to date to get the latest security improvements.

Pros and cons of security apps

Since many Android security apps combine anti-theft features with backup and antivirus, it won’t hurt to install them, but a pure antivirus solution might not be so worthwhile. Your safety depends more on how careful you are about what you download and where from, what links you tap in emails and online, and the networks you connect to.

If you’re wondering about the disadvantage of installing antivirus then it really boils down to three things –

  • cost (which you can avoid with a free option)
  • footprint (it will eat some processing power)
  • false positives (it will occasionally identify legitimate apps as malware)

If you’re not sold on the need for an antivirus app and you want more advice take a look at how to stay safe on Android without security apps. These are simple tips for people keen to avoid malware and not so keen on running antivirus software.
