Google Play Protect Miserably Fails Android Protection Tests

Google’s Play Protect Android mobile threat protection system failed German antivirus testing lab AV-Test real-world tests, scoring zero out of a maximum of six points after very weak malware detection performance.

The Google Play Protect built-in malware protection for Android was introduced three years ago, during the Google I/O 2017 in May 2017, with Google starting full deployment to all Android devices during July 2017.

Today, Google’s Play Protect is deployed on over 2.5 billion active Android devices as shown by the Android security center.

AV-Test rankings
Android security app final rankings (AV-Test)

Anything else but Google Play Protect

According to AV-Test’s results, Google Play Protect was able to detect a little over one-third of the roughly 6,700 malware samples the testing lab used throughout the tests which means that more than 4,000 of them were able to infect the test devices.

Google Play Protect detected 37% of 3,300 newly discovered samples — not more than 2 to 24 hours old — in the real-time testing phase, and 33.1% in the reference set test that used 3,300 malware samples that have been circulating for up to 4 weeks.

As can be seen in the below screenshot, both results are the last in the rankings, with all other mobile antivirus security solutions having detection rates above 98% in both protection tests.

Google Play Protect also had issues with false alarms as it mistakenly tagged about 30 harmless applications as being a threat to the test devices.

AV-Test Android security tests
Android malware detection rates (AV-Test)

Actually, out of all mobile security suites, Antiy, Bitdefender, Cheetah Mobile, NortonLifeLock, Trend Micro, and Kaspersky hit a perfect 100% detection rate.

“With Play Protect, Google promises protection against infected programs,” AV-Test says. “That’s why the tool runs automatically on every newer Android system, scanning available apps.”

“The current test indicates, however, that Android users should not rely solely on Play Protect,” the testing lab adds.

“As the detection rates of Google Play Protect are really quite poor, the use of a good security app is highly recommended.”

AV-Test’s comparison only evaluated Android security apps for consumers, with the lab to test enterprise security apps and release the results in April 2020.

This is not the first time Android’s built-in security app failed AV-Test’s examination given that Google Play Protect was also at the bottom of the protection rankings far beyond the other mobile security tools in October 2017, right after its release.

100 billion apps scanned every day

According to Google, Play Protect scans over 100 billion apps for malware each day, up 50 billion when compared to 2018 and it provides Android users with information regarding potential security issues and the actions needed to keep their devices secure.

Last year, Google joined efforts with ESET, Lookout, and Zimperium through the App Defense Alliance to improve malicious Android app detection on submission and block such apps before getting published on the Play Store.

The App Defense Alliance couldn’t have come sooner seeing that that malware has managed to infiltrate Google’s app ecosystem quite often despite the company’s efforts to stop it. (1, 2, 3)

Google also enhanced the machine-learning detection systems used by Google Play Protect to analyze Android app code, metadata, and user engagement signals for suspicious content and behavior.

BleepingComputer has reached out to Google for comment but had not heard back at the time of this publication.

Kent

Next Post

Publishers roll out alternative routes to open access | Science

Tue Mar 10 , 2020
DAVIDE BONAZZI/SALZMAN ART By Jeffrey BrainardMar. 9, 2020 , 4:00 AM In the push for “open access” (OA)—making scientific papers immediately free to everyone—it’s easy to forget that publishing costs haven’t vanished. They have simply shifted from subscriptions paid mostly by university librarians to fees charged to authors. Those article-processing […]