Mobile Security Products for Android E-Book

Author:

Philipp Kratzer

Co-Authors:

Andreas Clementi, Christoph Gruber,

David Lahee, Philippe Rödlach, Peter Stelzhammer

Edition: September 2014

Contents

Introduction

Overview

Products tested

Battery usage

Malware protection results

AVC UnDroid Analyser

Android Device Manager

AhnLab V3 Mobile

avast! Mobile Security

Avira Antivirus Security

Baidu Mobile Security

Bitdefender Mobile Security

CheetahMobile Clean Master

CheetahMobile CM Security

ESET Mobile Security

F-Secure Mobile Security

G Data Internet Security

Ikarus mobile.security

Kaspersky Internet Security

Kingsoft Mobile Security

McAfee Mobile Security

Qihoo 360 AntiVirus

Quick Heal Total Security

Sophos Security and Antivirus

Tencent Mobile Manager

Trend Micro Mobile Security

Webroot SecurityAnywhere Mobile Complete

Summary

Appendix - Permissions

Appendix – Feature list

Copyright and Disclaimer

Introduction

Smartphones represent the future of modern communications. In 2013, more than 1 billion smartphones were sold, a further milestone in the advance of these devices1. A study published by Facebook emphasises the importance of smartphones in our lives; about 80% of users make use of their smartphone within 15 minutes of waking up each day2.

At the same time, the traditional function of a telephone is becoming less and less important. The high quality of integrated cameras means that the smartphone is increasingly used for photography. As well as with photos, users trust their devices with their most personal communications, such as Facebook, WhatsApp and email. This brings some risks with it, as such usage makes the smartphone interesting for criminals, who attempt to infect the device with malware or steal personal data. There is also the danger brought by phishing attacks.

These days, the use of security software on a PC or laptop is seen as essential. However, many smartphone users do not yet have the same sense of responsibility, even though their devices store personal data, private photos, Internet banking information or even company data.

As modern smartphones are often expensive to buy, they are also an attractive target for thieves. Top-quality smartphones cost several hundred Euros. As it is not possible to physically prevent them from being stolen, they must be made less attractive to thieves. Consequently, many of today's security products contain not only malware protection, but also highly developed theft-protection functions, which make the device less attractive to thieves (e.g. by locking the device), and help the owner to find it again.

This year, we have once again tested security products for smartphones running Google's Android operating system. Our report covers details of the products made by leading manufacturers who have agreed to participate in our review. The test was conducted in July and August 2014 on an LG Nexus 5 smartphone running Android 4.4.2. In the event that a function did not work properly, we then installed the product on a Samsung Galaxy S3 Mini with Android 4.1.2 and repeated the test. This verifies whether the malfunction is a general one, or is limited to the newer Android version. We also tested the "wipe" function (deletion of personal data) of each applicable product on the alternative device, with particular regard to the deletion of data on the external SD card. This was necessary, as the Nexus 5 does not allow an external SD card to be used.

In general, we found that the current Android version, 4.4, clearly has problems with text-message blocking features in security products. None of the products we tested was able to make this work. Many manufacturers warn the user of this. Text messages cannot be blocked or hidden under Android 4.4. This is particularly problematic for products that use text-message commands to control their features. Thieves are able to see text messages in plain text, meaning that they can see the password. We thus recommend sending a "lock" command first, before using other features such as locating or wiping the device. This is the only way the user can ensure that a thief does not have access to his or her texts.

Security software for Android usually requires a wide range of operating-system permissions, which we granted, to ensure that the program would work properly. We noticed a high degree of variation between products, however. We decided to publish a table in this year's report that displays all the permissions required by each product. This can be seen in the appendix on page →.

Theft Protection

Almost all the products in the test provide a theft-protection feature. The lock function is surely the most important. This protects the phone from unauthorised use by password protecting it. Remote deletion of personal data on the smartphone is also a standard feature of the tested programs. The position of the phone can be determined by a location function. This can be helpful in locating a lost phone, although some manufacturers explicitly warn against confronting a thief.

Manufacturers have two possible means of controlling their theft-protection software. One is textmessage commands, which are sent to the lost or stolen phone and set off the relevant functions. The other is a web interface. Each has its own advantages and disadvantages. The advantage of text-message commands is that they almost always work, even if the device is in another country. The user needs to have the commands to hand, however, and also requires access to another mobile phone in order to send them. By contrast, web interfaces are generally intuitive in use, and provide an easy means of controlling the device. The disadvantage is that the lost or stolen device requires an active Internet connection in order to work; this may well be deactivated if the phone is taken to another country. The location function could also be to locate the person carrying the phone, which in some cases could constitute misuse. It is possible to install a security product on someone else's phone, or give someone else a phone with the software already installed, in order to track that person's movements. This may be deemed legitimate in the case of parents keeping an eye on their children, but not necessarily in other cases.

The Android operating system has a basic but reliable theft-protection feature, called Device Manager, built in to it. We have also tried out the available functions of Android Device Manager, to provide readers with the most complete view of available software. The review of the available functions can be found on page 122. A general problem regarding theft-protection, which affects many products, is airplane mode. This can be activated even when the smartphone is locked. If this mode is activated, all contact with the outside world is lost, thus rendering theft-protection mode completely ineffective. Not all the functions, such as locking, wiping and locating, will work. This applies equally to text-message controls and the web interface.

Malware protection

This component scans the mobile phone for malicious software, which it deletes or quarantines. For this function to work effectively, it has to be kept up-to-date. When travelling abroad, users need to be careful that automatic updates and cloud scans do not incur high roaming costs from the mobile service provider. The results of our Android malware protection test can be seen on page →.

Battery usage

Many smartphone users will have found themselves in a position, usually towards the end of the day, in which they wished they had a portable power station with them. The multiple functions of smartphones mean that even energy-efficient smartphones cannot prevent substantial batteryusage. GPS location services, email, Internet, and the larger displays in modern smartphones result in the device eating up the power. If the smartphone is used intensively, the battery can be run down by the afternoon. To prevent this, there are three possibilities: strictly controlled use of the phone, carrying a portable charging device, or configuring the device to use as little power as possible. Many users still believe that security software makes high demandxss on the battery of an Android smartphone. Our battery-usage test found that in everyday use of the phone, the influence of security products on battery life is negligible. Running backups, updates and malware scans does lead to significantly higher battery usage, however. Some products get around this by allowing the user to configure the software so that these functions are only carried out when the smartphone is being charged.

1http://www.dw.de/2013-%C3%BCber-eine-milliarde-smartphones-verkauft/a-17391228 (German)

2https://fb-public.app.box.com/s/3iq5x6uwnqtq7ki4q8wk

Overview

The perfect mobile-security product does not yet exist. As with Windows products, we recommend drawing up a short list after reading about the advantages and disadvantages of each product in our review. A free trial version of each candidate product can then be installed and tested for a few days; this should make the decision easier. Especially with Android security products, new versions with improvements and new functions are constantly being released.

By participating in this test, the manufacturers have shown their commitment to providing customers with quality security software. As this report shows, we have found some degree of malfunction in many of the tested products. The manufacturers of the affected products have taken these problems very seriously and are already working on solutions. Overall, we have noticed a marked improvement in the quality of the products relative to last year. We are therefore pleased to give almost all the participating products our “Approved Award”. Unfortunately, it was not possible to give this award to Tencent’s security app, due to its score in the malware protection test. Qihoo has also not been awarded, as their tested product version is currently no longer available and not the same as in the Google playstore.

AhnLab V3 Mobile provides the most important security functions for Android. Additional features include file encryption and a network monitor.

This year’s version of avast! Mobile Security has been extended to include Applocker and Privacy Scan features. It is a very comprehensive security product with a wide range of configuration options.

Avira Antivirus Security is an attractively designed security app for Android, and provides all the important functions. The theft-protection feature is controlled by a web interface. Innovative components such as Identity Safeguard complete the product.

Baidu Mobile Security is an extremely easy-to-use security product for Android smartphones. It provides many features, such as optimisation functions, an app manager and anti-spam.

Bitdefender Mobile Security has been optically redesigned since last year, and now includes an app blocker. The features are well thought-out, and generally worked very well.

CheetahMobile aims to digitally clean the mobile phone with Clean Master. As well as a virus scanner, there are other functions such as RAM/storage cleaning.

CheetahMobile CM Security is a solidly implemented security product for Android smartphones, which provides important functions such as antivirus and theft protection.

ESET Mobile Security is a well thought-out and attractively designed product for Android smartphones. The functions are solidly implemented and performed well. This year’s version has been extended to include a web interface for the theft protection.

F-Secure Mobile Security is a security package that includes important features such as theft protection and malware scanner. Parental controls and safe surfing are also provided.

G Data Internet Security provides sophisticated protection for children in addition to the standard security features. This includes Children’s Corner and a special browser for children.

IKARUS mobile.security includes all the important security features. The user interface is very clearly laid out, and should be simple to use for everyone. The components included generally worked well.

Kaspersky Internet Security has been optically reworked since last year. It has a comprehensive range of features, including virus scanner, text-message and call filter, browser protection, theftprotection and more.

Kingsoft Mobile Security for Android available free of charge, and optically very simple. As well as traditional malware protection, there are additional features such as a spam filter for text messages, and battery-life protection.

McAfee Mobile Security is a well thought-out suite, which as well as the usual functions also includes features such as CaptureCam and Kids‘ Corner.

Last year’s version of Quick Heal Total Security was already rich in functionality, and this year is again one of the most comprehensive products. The current version has also been given an optical makeover.

Qihoo 360 AntiVirus, which was only available in Chinese last year, participates in this year’s test with the new English version. Important functions are included, along with innovative features such as Anti-Adware. The result reached in this test by Qihoo is not applicable to the English product version available in the Google playstore. Due to the misuse of the award by Qihoo in their related marketing, the award has been withdrawn.

Sophos Security and Antivirus provides useful features that actively promote the user’s security. The Security Advisor, which checks critical settings, is of particular note, as is the well-designed Spam Protection component.

Mobile Security by Trend Micro provides sensible extensions such as safe surfing and wellimplemented parental controls, in addition to the usual functions of theft protection and malware scanner.

Tencent Mobile Manager is a security product for Android with extensive functionality. There is a wide range of optional add-ons available, which can extend the product even further. Due to the score in the malware-protection test, which according to Tencent was due to a bug in the product at the time of testing, we are unfortunately not able to approve the product.

Webroot SecureAnywhere Mobile Complete scores highly with its reliable theft protection and text/call filter. The premium version additionally includes SIM lock, app inspectors and other functions.

Products tested

The products that participated in this year's test are listed below. The manufacturers either provided us with the latest version of their product, or confirmed that it was available from the Google Play Store at the time of the test (July 2014). After the test, manufacturers had the opportunity to fix any flaws we found. Any problems that have already been solved are noted in the report.

AhnLab V3 Mobile 2.1.2.13

avast! Mobile Security 3.0.7650

Avira Antivirus Security 3.5.2983

Baidu Mobile Manager 5.2.0

Bitdefender Mobile Security 2.19.344

CheetahMobile Clean Master 5.6.0

CheetahMobile CM Security 1.6.1

ESET Mobile Security 3.0.937.0-15

F-Secure Mobile Security 9.2.15183

G Data Internet Security 25.3.0

IKARUS mobile.security 1.7.20

Kaspersky Internet Security 11.4.4.232

Kingsoft Mobile Security 3.3.1

McAfee Mobile Security 4.1.0.543

Quick Heal Total Security 2.00.021

Qihoo 360 AntiVirus 1.0.0

Sophos Security and Antivirus 3.5.1324

Tencent Mobile Manager 4.8.2

Trend Micro Mobile Security 5.0

Webroot SecureAnywhere Mobile Complete 3.6.0.6610

The mobile products of Baidu, Kingsoft and Tencent are currently only available as Chineselanguage versions. The result reached in this test by Qihoo is not applicable to the English product version available in the Google playstore, which is different to the version that Qihoo provides in Chinese and English on their website.

A comprehensive overview of the mobile security products available on the market can be seen on our website: http://www.av-comparatives.org/list-mobile/

Battery usage

Testing the battery usage of a device might appear at first glance to be very straightforward. If one goes into more detail, the difficulties become apparent. Particularly with mobile phones, the usage patterns of different users are very varied. Some use the multimedia functions extensively, others view many documents, while some use only the telephone functions. We need to differentiate between power users, who take advantage of all of the possible functions in the device, and traditional users who merely make and receive phone calls.

In April 2012, AV-Comparatives conducted a survey of smartphone use, in order to optimise the testing procedure. Over a thousand smartphone users from around the world were asked to anonymously answer questions about their smartphone use. It was apparent that the respondents made good use of their smartphones' features. 95% of users surveyed said that they use their phones to surf the Internet and communicate by email, whilst over two thirds listen to music or watch videos on their mobiles. It was notable that 70% of the users never switch their phones off.

Smartphones are becoming more and more important to their users, who scarcely leave any functions of their devices unused. The mobile phone is a ubiquitous means of communication that is supplementing or even replacing the personal computer.

Telephony is becoming a less important use of the smartphone, with 41% of survey respondents saying they only used the device for 1-10 minutes each day. Most users spend longer than this on the Internet; over 29% for over an hour a day.

We used the 2012 survey as the basis for our usage statistics in the battery drain test. The data was used to define average daily use of a smartphone. The test then determined the effect of the security software on battery use for the average user.

Environmental conditions

To measure the battery drain as accurately as possible, we used an ISO-calibrated measuring device, in co-operation with Agilent and x-test. The highly accurate battery-drain meter allows very precise measurements to be taken. An automated process, emulating the typical usage as established in the survey, is run multiple times.

Outside influences

In order to exclude any influence from environmental conditions or technical variations, we took great pains to ensure that the testing conditions for each product were identical, in accordance with ECMA-3833.

3G connections and WiFi connections can vary according to e.g. weather conditions. In order to prevent such variations influencing our test, we set up our own WiFi base station and UMTS base station in our testing lab. This ensured that the energy expended in supporting the 3G/WLAN connection was the same for every product.

These values are of course also influenced by the mobile phone used. Multiple factors come into play here. For example, a large screen will require more energy than a small one. The type of screen (e.g. LCD, OLED, AMOLED) is also highly relevant. By using the same individual device for all test candidates, we were able to rule out any such influences.

Based on the survey data, the following daily usage scenario was simulated:

30 minutes

telephony

82 minutes

looking at photos

45 minutes

surfing the Internet

with the Android browser (using web pages on a local web server to rule out any influences through connection speed)

17 minutes

watching YouTube videos

with the YouTube app

13 minutes

watching videos saved on the phone itself

2 minutes

sending and receiving mails

with the Google Mail Client

1 minute

opening locally saved documents

Overall, the security suites performed well in this test. However, one of the products did cause higher battery usage, namely Baidu. We were not able to find a particular operation for which the product used more energy, but overall its battery usage was higher.

3http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-383.pdf

Malware protection results

Methods of attacking mobile phones are getting more and more sophisticated. Fraudulent applications attempt to steal smartphone users‘ data or money. To reduce the risk of this happening, follow the advice given here. Only download apps from Google Play or reputable app makers‘ own stores. Avoid third-party stores and Sideloading4