Security Apps under the Looking Glass: An Empirical Analysis of Android Security Apps

TL;DR

This paper provides an empirical analysis of Android security apps, revealing privacy risks and effectiveness issues, including data resale and malware detection failures, based on static and dynamic analysis of 100 apps.

Contribution

First comprehensive empirical study of Android security apps analyzing their metadata, static and dynamic behaviors, highlighting privacy concerns and detection limitations.

Findings

20% of apps potentially resell user data without consent

Around 50% of apps fail to detect malware

Some apps access sensitive personal information

Abstract

Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid in Google Play Store and some of them are downloaded millions of times. By installing security apps, the smartphone users place a significant amount of trust towards the security companies who developed these apps, because a fully functional mobile security app requires access to many smartphone resources such as the storage, text messages and email, browser history, and information about other installed applications. Often these resources contain highly sensitive personal information. As such, it is essential to understand the mobile security apps ecosystem to assess whether is it indeed beneficial to install them. To this end, in this paper, we present the first empirical study of Android security apps. We analyse 100 Android security apps from multiple aspects such as metadata, static analysis, and dynamic analysis and presents insights to their operations and behaviours. Our results show that 20% of the security apps we studied potentially resell the data they collect from smartphones to third parties; in some cases, even without the user consent. Also, our experiments show that around 50% of the security apps fail to identify malware installed on a smartphone.