Eset Mobile Security Review

[Michelle Benitone]

Withthe introduction of run-time permissions in Android 6.0 (Marshmallow), Google gave users more control over the information and private data their apps have access to. This approach is very different from the one adopted by earlier Android versions, where apps asked the user to grant all the necessary permissions prior to installation. Since Android 8.0 (Oreo), the global security setting Install from unknown sources has been a run-time permission that needs to be granted for each app once. The built-in malware protection Play Protect is preinstalled on devices running Android 8.0 or later, and is also available on older Android devices that support Google Play Services 11 or later. Additional functions, for device loss and safe browsing for Google Chrome, were integrated as regular components as well.

Android 10 brought some significant improvements for security and privacy which are refined in later versions, e.g. the concept of scoped storage, the opportunity to limit the access to some resources (e.g. location) to times when the app is in active use, and certain restrictions on background apps. Apps (except for privileged/system apps) are also prevented from accessing specific device information, e.g. non-resettable device identifiers like IMEI, IMSI, MEID, SIM, and build serial number.

The resulting restrictions imposed on apps targeting Android 10 or later has affected mobile security vendors, among others. Their apps require all available device permissions, including device admin rights, if they are to fully monitor and control the device, and protect sensitive user data against security threats. Because of all the changes made on Android permissions, mobile security apps might provide clearer explanations to users when requesting access to sensitive device areas and setting up in-app security features (e.g. anti-theft).

In regions such as the United States and Europe, only two official app stores dominate the mobile app market: Google Play and the Apple App Store. The risk of inadvertently downloading and installing malware from Google Play is small, as the app store is regularly checked for fraudulent and dangerous apps. However, in many Asian countries, especially China, the risk of being infected by malware is much higher. There are many app stores provided by various third-party vendors, and many smartphones are rooted as well. There are about 1.63 billion active mobile devices in China, and about 76% of them run Android as the operating system. The most used Android app stores are shown in the doughnut chart above. Google Play is used by almost no one (

In November 2020, a US Executive Order was signed, prohibiting US companies (such as Google) from doing business with blacklisted Chinese companies. This also affected Chinese telecommunications and smartphone-manufacturer giants, who produce and sell mobile devices running Android worldwide. Consequently, Google apps and services, including Play Protect, will no longer be available on future device models from certain Chinese developers.

Today, the smartphone is often used as a replacement for the PC, and so is frequently employed for common daily tasks such as online shopping, online banking, money transfers, instant messaging, video conferencing, and emailing. Cyber-attacks are becoming more and more sophisticated, and increasingly target mobile devices, with fraudulent applications attempting to steal user data or money. These apps often appear as fake versions of popular apps, the genuine versions of which have been downloaded by millions of users (including from Google Play). To reduce the risk of becoming a victim, we suggest following the advice given here.

Only download apps from official app stores like Google Play, or stores of reputable app makers; avoid third-party stores and side-loading. A quick look at the reviews in the app store before installing an app might help. Avoid apps with predominantly bad or dubious reviews. Assess requests for irrelevant access rights or permissions by questionable apps critically. Of course, not every app that shows strange behaviour is necessarily malicious, but it is good to consider whether it is genuine and worthy of use. Google Play continuously updates its policy to guarantee a certain degree of security, e.g. requiring app developers to verify their identity, digitally sign their apps, and meet the target API level requirements. In recent years, apps have also had to undergo several review processes and be approved by Google regarding privacy (e.g. access to SMS and background location) to stay in Google Play.

Rooting the smartphone increases the potential that malicious apps will take control of the device. Furthermore, it is not legally clear-cut for some manufacturers whether the warranty is still valid if the phone is rooted. Public Wi-Fi networks (e.g., coffee shop, airport) are popular targets for attackers to steal and compromise sensitive data. Therefore, we advise against entering/sharing sensitive data (user credentials, bank/credit card information, etc.) when connected to a public Wi-Fi, unless you are using a VPN connection; this will encrypt your network traffic and so prevent hackers from reading it. It is also important to keep your mobile device up to date with the latest security patches and Android version, which ensures that previous device vulnerabilities and potentially dangerous APIs are fixed.

In this section, we give a brief overview of common security-related components found in most security products for Google Android. The most obvious component of a mobile security app is the malware scanner, which protects the user against the inadvertent installation of malicious apps on his or her device. Like anti-virus programs for Microsoft Windows, mobile security apps for Android use a number of different protection features. The real-time protection checks new apps during the setup process. This prevents the device being compromised by the installation of a malicious program.

The on-demand scanner searches the whole device (internal storage and/or external SD card) for any malicious apps that are already installed, or downloaded APK files that have not yet been run. For apps that rely mainly on malware definitions to detect malware, keeping these definitions up to date is a critical factor in effective protection. Some vendors offer more frequent updates with their paid premium versions than with the corresponding free versions. A number of the tested products offer a cloud-assisted malware scanner to ensure the app has access to the very latest definitions. Updates are either retrieved automatically by the app at specified intervals, or triggered manually by the user.

Many security products offer web protection, which prevents the user from unintentionally downloading malicious apps or accessing phishing websites while surfing the Internet. Almost all products in our test have integrated safe web browsing, at least for Google Chrome, which is the most commonly used Android browser. Some apps support a variety of different third-party browsers in addition. This is an important factor, as many users like to use their preferred browser on their smartphones.

Another useful feature some products provide is app lock. It allows the user to protect selected apps against unauthorized access. The user can set up a locking mechanism, such as PIN, password, pattern, or fingerprint, which is required to launch a protected app. Some security apps offer options to further customize the app locking behaviour (e.g. unlock when connected to a trusted Wi-Fi, lock by location, or lock by time schedule).

To provide a simple overview of the features of a product, we use the same symbols as those on our website. At the beginning of every report, you will see these symbols; those in orange represent features the product has, while those in grey represent features that are not included. All symbols apply to Android 12 only, which we used in our test.

The malware used in the test was collected by us in the few weeks before the test. We used 3,127 malicious applications, to create a representative test set. Apps with the same certificates and/or the same internal code were removed, in order to have a test set of genuinely unique samples. The security products were updated and tested on the 19th May 2022. The test was conducted with an active Internet connection on genuine Android smartphones (no emulators were used). The test set consisted exclusively of APK files. If available, an on-demand scan was conducted first. After this, every undetected app was installed and launched. We did this to allow the products to detect the malware using real-time protection. A false-positives test was also carried out using 500 clean apps.

As in our previous investigations, we measured the additional power consumption caused by each of the mobile security products. Testing the battery usage of a device might appear to be very straightforward at first glance. If one goes into more detail, the difficulties become apparent. Particularly with mobile phones, the usage patterns of different users are very varied.

Some use the multimedia functions extensively, others view a lot of documents, while some use only the telephone functions. We need to differentiate between power users who take advantage of all the possible functions in the device and traditional users who merely make and receive phone calls.

In our test, we found that all the tested mobile security products had only a minor influence on battery life, as outlined in the table below. In general, we were able to give the tested security suites high marks regarding power usage.

Avast Mobile Security Free is an ad-supported product which includes a variety of security-and privacy-oriented features such as malware scan, web and Wi-Fi security, Hack Alerts, and App Insights. Photo Vault and anti-theft functionality are also included, but with some limitations. Other app components, such as Junk Cleaner and Wi-Fi Speed, help the user monitor different aspects of the device. Avast asked us to test and review the free version of their product. Please note that Avast owns AVG, and the respective Android apps appear to be identical in functionality. There are some minor differences in the user interface, however.

3a8082e126