Comparitech recemtly released results of their tests on 21 popular, free Android antivirus apps, which found serious vulnerabilities. They looked at the application itself, its effectiveness, the web management dashboard, and all backend services involved. They also analyzed dangerous permissions and trackers embedded in each mobile antivirus app:
We tested 21 Android antivirus apps and found these serious vulnerabilities
Key findings include:
- In total, 47% of the vendors tested failed in some way
- These mobile antivirus apps couldn’t detect a dangerous test virus:
-
- AEGISLAB Antivirus Free
- Antiy AVL Pro Antivirus & Security
- Brainiacs Antivirus System
- Fotoable Super Cleaner
- MalwareFox Anti-Malware
- NQ Mobile Security & Antivirus Free
- Tap Technology Antivirus Mobile
- Zemana Antivirus & Security
- VIPRE Mobile, AEGISLAB, and BullGuard all had flaws that could put user privacy and security at risk. The vendors worked with Comparitech to patch the flaws in their apps and all vulnerabilities were fixed.
According to researcher Khaled Sakr, “Unfortunately in many organizations, the business side wins over the security side. Like in the case of VIPRE Mobile. I would say that any competent penetration tester could have identified these vulnerabilities. More businesses need to pay attention and make sure that security is tackled at the beginning of a project, and alongside application development, instead of at the end when it’s too late.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.