Google's app verification service can only detect 15% of known Android malware

Google's app verification service can only detect 15% of known Android malware

Xuxian Jiang, an associate professor in the Department of Computer Science at NC State University, tested Google's App Verification service on a Nexus 10 tablet against 1,260 samples of known Android malware and discovered that it was only capable of identifying and preventing the installation of 193 infected apps -- a detection rate of only 15.32 percent.

Google's App Verification Service was introduced on November 15 as a standard feature on Jellybean 4.2, the latest version of the Android operating system, in an effort to address the growing risk of malicious apps appearing on the Google Play store and Android's apparent lack of in-built robust anti-virus and malware protection.

To validate his findings and put them into context, Xuxian Jiang also tested Google's App Verification service against 10 existing third party anti-virus engines using a randomly selected sample of malware from each known malware family.

In this test, Google's service was able to indentify 20.41 percent of threats, while the other anti-virus engines managed between a 51.02-percent and 100-percent detection rate.

In his conclusion, Xuxian Jiang notes, "By introducing this new app verification service in Android 4.2, Google has shown its commitment to continuously improve security on Android. However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement."

He also points to Google's recent acquisition of Virus Total, which performed well in the anti-virus comparison tests, and believes that the search giant will eventually add Virus Total functionality to its existing app verification service. However, what is clear is that until the service improves, Android users will need to seek a second opinion about potentially suspect apps, rather than basing their decision solely on Google's current service.