The Mobile Anti-Virus Myth
Saturday, October 9, 2010

We get asked quite a bit why we don’t add anti-virus to our new mobile security product, and the answer is simple: it would be dishonest, as true anti-virus for mobile devices is not possible with the SDKs provided by most mobile platforms. In the mobile security space there are many companies selling what they call “anti-virus” applications for your smartphone; however, the term is being used erroneously on purpose. A virus, as it relates to computing devices, is defined by the security community as software that can replicate itself into documents and executables and infect other devices, either automatically through a network or via a storage device such as a USB flash drive, with the end goal of corrupting data and damaging the operating system.

In order to detect and mitigate the risk of real viruses, the software would need to be able to run as a root process on the system, something that is currently not possible on most mobile platforms, where applications run in a sandbox. For example, none of the Android “anti-virus” apps can provide zero-day protection; at best they listen for the package-installed intent and then do signature-based detection. If there were a real kernel exploit in the wild, a sandboxed third-party app would not be able to protect you; you would need an OTA patch from Apple, Google, the OEM or your mobile operator.

What the applications claiming to be “anti-virus” are really detecting is potential malware that the actual developer of an application has put into the code to steal data from your phone, or to interact with the phone to make it send premium SMS messages, etc. This is more correctly defined as a trojan, spyware, or the all-encompassing malware. Although these tools may be marginally useful, for the most part they do not replace common sense: being cautious about which applications you download and carefully reviewing the permissions of an application when you install it.
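To make the two mechanisms above concrete (the signature check a sandboxed scanner can run once the package-installed intent fires, and the permission review recommended in place of it), here is an added Python simulation. It is not code from the original post or from any product: the sample packages, package names and the signature name are constructed, and the hash-based signature database is an assumed simplification of what real scanners ship. The repackaged sample shows why signature matching gives no zero-day protection, since a package nobody has catalogued yet produces no match, while a review of declared permissions still surfaces the capability that matters (SEND_SMS).

```python
import hashlib

# --- Constructed sample packages (stand-ins for APK bytes; not real malware) ---
KNOWN_BAD_APK = b"constructed sample: premium-SMS trojan, build 1"
# Same behaviour, repackaged with one byte changed: this stands in for a
# sample the signature vendor has not seen yet (the "zero-day" case).
REPACKAGED_APK = KNOWN_BAD_APK + b"\x00"
BENIGN_APK = b"constructed sample: flashlight app"


def fingerprint(apk_bytes: bytes) -> str:
    """Hash-based signature: the simplest form a sandboxed scanner can compute."""
    return hashlib.sha256(apk_bytes).hexdigest()


# The signature database a third-party scanner ships and updates. It can only
# contain samples someone has already collected and analysed (constructed entry).
SIGNATURE_DB = {fingerprint(KNOWN_BAD_APK): "Trojan.Constructed.PremiumSMS"}

# Real Android permission names whose presence is worth a user's attention at
# install time (the post's "carefully reviewing the permissions" step).
RISKY_PERMISSIONS = {
    "android.permission.SEND_SMS": "can send (premium-rate) SMS",
    "android.permission.READ_SMS": "can read your text messages",
    "android.permission.READ_CONTACTS": "can read your address book",
    "android.permission.READ_PHONE_STATE": "can read device identifiers",
    "android.permission.ACCESS_FINE_LOCATION": "can track your location",
    "android.permission.RECORD_AUDIO": "can record audio",
}


def on_package_added(package_name: str, apk_bytes: bytes, permissions: list) -> dict:
    """What a sandboxed scanner can do when it receives the package-installed
    intent: look the package up by signature and report declared permissions.
    It runs after installation, as an ordinary app, with no kernel visibility."""
    risky = {p: RISKY_PERMISSIONS[p] for p in permissions if p in RISKY_PERMISSIONS}
    return {
        "package": package_name,
        "signature_hit": SIGNATURE_DB.get(fingerprint(apk_bytes)),  # None = unknown
        "risky_permissions": risky,
    }


def scan_installs(installs: list) -> list:
    """Run the handler over a batch of (package, apk_bytes, permissions) events."""
    return [on_package_added(name, data, perms) for name, data, perms in installs]


if __name__ == "__main__":
    # Constructed install events, including one repackaged sample the
    # signature database does not know about.
    events = [
        ("com.example.knownbad", KNOWN_BAD_APK,
         ["android.permission.SEND_SMS", "android.permission.INTERNET"]),
        ("com.example.repackaged", REPACKAGED_APK,
         ["android.permission.SEND_SMS", "android.permission.INTERNET"]),
        ("com.example.flashlight", BENIGN_APK, ["android.permission.CAMERA"]),
    ]
    for verdict in scan_installs(events):
        hit = verdict["signature_hit"] or "no signature match"
        flagged = verdict["risky_permissions"] or "none"
        print(f'{verdict["package"]}: {hit}; risky permissions: {flagged}')
```

Running the block prints a hit for the catalogued sample, no match for the repackaged copy, and SEND_SMS flagged for both; the flashlight app passes both checks. The permission review is the only one of the two that says anything useful about the sample the database has never seen.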

To date there have been no wide-scale, truly self-replicating viruses on the most popular smartphone platforms. There have been suspect applications that, once reported, have been removed from the various markets, and both Google and Apple have the ability to remotely activate a kill switch on malicious applications.

So why do these companies call it “anti-virus” when it isn’t? The answer is simple: marketing. Like any good social engineer, they know the “normies” don’t know the true definition of anti-virus; the term is ingrained in our heads from years of marketing by computer security firms, and so we equate anti-virus with something generic that will protect our phones from nasty things. In addition, you will see these companies over-amplify threats in their marketing material through a little something called FUD (Fear, Uncertainty and Doubt): they will feed statistics from their own “research” to the press in order to generate hysterics, in the hope that the reporters don’t check their facts, which unfortunately most do not.

The false sense of security these applications provide by using the term “anti-virus” erroneously is irresponsible. Saying they are protecting you from viruses can be more dangerous than the viruses themselves, as it may keep someone from installing a critical security patch from the vendor, because they believe the third-party application is protecting them when in fact it is not.

