Attackers are finding increasingly sophisticated ways to infect Android devices with malware. Recently, for example, malware called “Joker” has once again tricked the security mechanisms in Google Play.
How well anti-malware apps protect users from such attacks was investigated by AV-Test in an endurance test – with sometimes surprising results.
14 security apps proved their ability in the endurance test
Among Android users it is an ongoing controversy: Do I need an anti-malware app or not? While Android does have some security mechanisms, such as sandboxing the apps and granting rights to them, attackers always find ways to infect a larger number of devices. Especially users who like to try out new apps and browse outside of Google Play should consider using a protection zap. And even the official Google Play Store is not immune to malware, as “Joker” recently proved ingeniously.
In a major endurance test AV-Test examined 14 security apps over a period of six months. Most of them achieved excellent or at least very good results. All third-party apps filtered out more than 99 percent of malware, five of the test candidates even 100 percent. The testers used 10,000 brand-new and 10,000 slightly older samples. And the system load was also very limited for all candidates, with three minor exceptions. Users therefore do not need to worry about battery life or data volume consumption.
Google’s in-house protection failed
Google’s in-house protection, on the other hand, largely failed in the test. Play Protect”, for example, detected only two thirds of the latest malware and even less than half of the older samples. And this despite the fact that Google has been working with security providers ESET, Lookout and Zimperium for several months. Google’s protection also scored poorly in terms of false positives.
With 6000 harmless apps from Google Play, Play Protect hit 50 times, even though Google had already rated them as good-natured. With another 2500 apps from other sources, Play Protect falsely alerted 80 times. The third-party apps, on the other hand, largely held back with false alarms.
The results clearly show that Google’s own protection is not yet sufficient to protect itself effectively against harmful apps – and these do exist, even in Google Play. Meanwhile, many third-party security apps are free of charge and do not put a great deal of strain on the system.
Making Android safe: 10 tips you should consider
This way you can protect your Android smartphone from attacks and seal off your data: With these ten tips, you can make your smartphone secure. We’ll give you tips for making your Android smartphone more secure.
Tip 1: Set up screen lock
Without a lock, you open the door to all your data to attackers. The SIM card is protected with a PIN by default. If not, activate it under Settings/Security and SIM Lock. You should also set up a display lock. Then only those who know the code, password or the matching pattern can access the phone. Newer smartphones often have a fingerprint sensor on board, which you can also use for security. You set the lock in the settings under Security and Display lock.
Tip 2: Install updates immediately
Make sure that both the operating system and all programs are always up-to-date and install updates immediately. With updates, the developers not only provide new functions, but also close security gaps. When there is a new Android version, you will receive a notification.
For apps, you should allow automatic updates. To do so, go to the Play Store and tap the three bars in the top left corner. Then select Settings and activate Automatic Updates – but preferably only via WLAN, otherwise you might have to pay for the data transfer.
Tip 3: Download from Play Store only
Only download apps from the official Google Play Store, not from potentially dubious websites. They’re more likely to catch viruses and malware. To be on the safe side, you should prevent apps of unknown origin from being installed on your phone. This can be done with older Android versions under Settings and Security. Starting with Android 8.0, you will find the menu item in the settings under Apps/Special Access. At the very bottom there is the option Install unknown apps. Tap on it and you will see all apps already installed. Check if all of them have the following message: Not allowed. Otherwise tap on it and move the slider.
Tip 4: Pay attention to permissions
For each app you install, check which permissions it wants to grant itself. You can find this on the App page in the Play Store under Permissions Details. For example, a flashlight feature does not require Internet access. For apps that are already installed, you can revoke individual permissions under Settings/ Apps/App Permissions.
Tip 5: Encrypting the smartphone
If a stranger gets hold of your phone despite all the security measures, he should not be able to read sensitive data – such as e-mails, contacts or access data. The encryption of the device protects against this. With most mobile phones, you have to trigger it yourself once. To do this, tap on Security/Encryption and select the Encrypt smartphone option.
Tip 6: Watch out for open WLAN
You can surf for free in the open WLAN in the café or at the airport. But be careful: With relatively simple means others can spy on you and read along. You should therefore never do home banking there. Also, be cautious about all sites where you have to log in, such as e-mail or Amazon. At the very least, the pages should provide SSL encryption when you log in, recognizable by https://. Even better: Surf via a secure VPN connection.
Tip 7: Disable connections
Apps can determine your location and create movement profiles via GPS and WLAN networks. You should therefore disable all network functions if you do not use them all the time. This includes Bluetooth and NFC, as these interfaces can offer potential entry points for attackers. You disable all these functions in the settings – under Wireless and Networks and under Location. Slide the virtual controller to the off position each time.
Tip 8: Enable anti-theft protection
It has advantages if you switch on the location determination: so you can track your phone in case it’s lost. You can also delete all data remotely. Of course, you must have activated the function before you lost your phone. Allow location tracking under Settings/User and Location. Then activate Security and Find My Device. In an emergency, go to https://accounts.google.com in your browser and sign in with your Google Account.
Tip 9: Regular backups
When the smartphone goes down, all the data is gone – unless you back it up regularly. The easiest way to back up your photos is to use cloud services like Google Drive or OneDrive, which store them automatically. App settings and data, Wi-Fi passwords or call history are backed up by Google. Activate this via
Tip 10: Using the security app
Even the free security apps from Kaspersky, Avira or Bitdefender protect against malware and scan new programs for threats.
Some even include anti-theft functions. Starting with Android 8.0, you can also activate the Play Protect function in the settings as additional protection, which checks installed apps for security gaps.