Android Has a Big Security Problem, But Antivirus Apps Can’t Do Much to Help

Yes, Android devices have serious security problems. There’s Android malware out there — mostly outside the Google Play Store. The biggest problem is that most Android devices don’t get security updates. Android antivirus apps aren’t a solution to these problems.

Security companies have been pushing their Android antivirus apps, using the concern over the Stagefright exploit to sell security software. But Android antivirus apps aren’t going to help you here.

How Antivirus Works on Windows, and How It Doesn’t on Android

First, let’s cover how antivirus software works on Windows. Antivirus software on Windows hooks into the operating system at a low level. To provide real-time protection, antivirus applications use “file system filter drivers” to intercept file access requests and scan those files for malware before they’re allowed to run or otherwise be accessed. If the antivirus application detects a problem, it can block the access and use its low-level permissions to immediately delete or quarantine the malware.

That’s how antivirus works on Windows — Windows provides a way for antivirus software to get low-level system access.

Android doesn’t provide a way for antivirus apps to get this low-level access. Android confines all apps to sandboxes and restricts the permissions they can use. There’s no special way for an antivirus app to hook into your system at a low level and stop you from installing a malicious app, or stop a malicious website or message from exploiting a security hole and running malicious software on your system.

When the malware is already running, the Android sandbox prevents the antivirus application from interfering with or closing a malicious app. If the malware used a security hole to gain root access, that malware is actually running with higher permissions than the antivirus app itself.

You can see this when you install an antivirus app on Android — it has to list its permissions, just like every other app.

So What Do Android Antivirus Apps Do?

Of course, Android antivirus apps can do some things. They can view a list of the apps you have installed, check the names of those apps, and compare them to a known list of infected apps. That’s it — the apps are scanned by their names. Android antivirus apps can’t scan your system for malicious processes that may have been installed when your phone was compromised through a security hole.
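The name-comparison check described above can be sketched in a few lines. This is an added example, not code from the original article or from any antivirus product. It assumes the package list was pulled from a device with `adb shell pm list packages -3 -i`; the sample output and the blocklist are constructed for illustration.

```python
import re

# Constructed sample of `adb shell pm list packages -3 -i` output
# (third-party packages with their recorded installer); not from a real device.
SAMPLE_PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=com.android.vending
package:com.example.freegame.cracked  installer=null
package:com.amazon.venezia  installer=null
"""

# Hypothetical blocklist of known-bad package names, invented for this example.
KNOWN_BAD_NAMES = {"com.example.flashlight"}

# Installer recorded for apps that were installed through Google Play.
PLAY_STORE = "com.android.vending"

LINE_RE = re.compile(r"^package:(?P<name>\S+)\s+installer=(?P<installer>\S+)$")


def parse_packages(pm_output):
    """Return {package_name: installer or None} parsed from the pm output text."""
    packages = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank or unexpected lines rather than guessing
        installer = match.group("installer")
        packages[match.group("name")] = None if installer == "null" else installer
    return packages


def name_matches(packages, blocklist):
    """The name-only check: installed package names that appear on the blocklist."""
    return sorted(set(packages) & set(blocklist))


def not_from_play(packages):
    """Third-party packages whose recorded installer is not Google Play."""
    return sorted(name for name, inst in packages.items() if inst != PLAY_STORE)


if __name__ == "__main__":
    pkgs = parse_packages(SAMPLE_PM_OUTPUT)
    print("blocklist name matches:", name_matches(pkgs, KNOWN_BAD_NAMES))
    print("not installed by Google Play:", not_from_play(pkgs))
```

The name check reports only what is already on the list; the installer column is the one piece of provenance this output exposes, and it is what separates Google Play installs from sideloaded ones.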

An antivirus app may also have a file-scanning feature, offering to scan your SD card and internal storage — the user-accessible part, at least — for potentially malicious files. But unless you’re downloading malicious Android apps in APK form and storing them on your SD card, this won’t really do much good. It can’t scan the entire file system — including system areas, where programs are stored — as it can on Windows.

Android antivirus apps can still do more than that, of course. They can monitor your network activity and scan incoming traffic to prevent you from visiting malicious web pages and downloading potentially malicious apps. This sort of activity will slow down your phone — or at least drain its battery a bit more than necessary — and functions more like a web filter than anything else.

These apps also pack in other tangentially related features, such as lost-phone tracking. But Android allows you to track and wipe your lost devices for free.

Your Android Device Has Integrated Antivirus

But here’s the thing: Your Android device already has built-in antivirus functions. If you just get your apps from Google Play, those apps are constantly scanned for malware. If Google finds a malicious app in Google Play, the app is pulled from Google Play and can be automatically removed from your device, too.

If you decide to enable apps from “unknown sources” and sideload an app from the web, the first time you do so you’ll be asked if you want to let Google scan the apps you install for malware. Try to install a malicious app — even one from outside Google Play — and Android will warn you.

The “Verify apps” options are located in the Google Settings app on your device, under Security. The feature regularly checks your device for potential security problems and malicious apps.

This stuff is baked into the Android operating system as part of Google Play Services. Unlike Android antivirus apps, Google Play Services does have a higher level of system access and receives automatic updates to attempt to patch security holes without full operating system updates.

There’s more, too. Google Chrome for Android now includes the same Google Safe Browsing feature used on Chrome for desktop, so Chrome itself is already scanning incoming traffic and warning you before you access potentially dangerous web pages or download potentially dangerous apps.

Skip the Antivirus Apps

We’re not saying that Android’s built-in security protections are good enough. Android devices need to receive regular security updates for their operating systems.

But an antivirus app doesn’t provide any real extra security. Your Android device already has more powerful antivirus-style features built in.

In theory, if Android provided enough low-level access to antivirus apps, an antivirus app could actually be useful. However, it doesn’t, so antivirus apps aren’t useful now. Adding enough permissions for antivirus apps to function would also open new paths for malware to take advantage of those same low-level permissions.

These apps will probably worsen your battery life, and could cost you money if you decide to pay for them. Even worse, they might provide a false sense of security. Aside from that, they’re not really harmful to use — they’re just not helpful enough.

Protecting Your Android Device

Antivirus apps aren’t important for staying safe on Android. Avoid sideloading apps if possible — just get them from Google Play. Most malicious apps come from outside Google Play. For example, Chinese app stores often seem to contain infected apps. Downloading a pirated version of a paid game and attempting to install it is also dangerous. However, there are some legitimate apps you might want to sideload, like the Amazon Appstore and all the apps from it.

It’s also important to use a device that receives security updates. If you do want to use an Android device, we recommend Google’s Nexus devices, which receive security updates straight from Google. Even these devices don’t get security updates as fast as they should, but they’re better than the alternative.

Yes, most Android devices won’t receive security updates. It’s a crazy situation Google, device manufacturers, and cellular carriers have put us in.


It’s understandable that many Android users, coming from Windows, would think to install an antivirus application. After all, many of these applications are made by companies that also create Windows antiviruses. But those antivirus apps don’t function like Windows antivirus software and don’t have enough permissions to really secure your device. Android already has more comprehensive antivirus-style protections baked into the operating system.

Image Credit: Uncalno Tekno on Flickr, TechStage on Flickr

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.