Does Android really need an Anti-Virus?

There been a few times I think I have malware on my Android phone. I have tried different anti- virus apps, like Malwarebytes, AVG, Avast, and Avira. All have come up clean with weekly scans. Does Android really need an Anti-Virus? The security patchs seems to do its job.

The best antivirus/antiwhatever is Common Sense 2018. Some people seem to have issues with it, but it is a great tool for those who use it.

Some people have issues with out-dated information. Common sense, is overrated. By saying it’s enough, you’re saying no one with common sense has had a virus. Which is not accurate

Also doubt that these antivirus engines for android do kernel scanning, low level scanning etc. If they only scan the apps, then yes common sense helps

If you only download apps from the Play Store, only download highly-rated apps with thousands of ratings, carefully evaluate before granting permissions, and actually say no when the requests seem excessive then no you don’t need an AV on Android.

If you partake in risky behavior, and you know who you are, then yeah get one.

If you’re lucky to have a phone that gets the monthly security patches then that’s a good bonus, even if it safes up some attack vectors more than protecting against malware. On modern android one can and should consider every permission that an app requests, just to be a bit extra careful.

Unfortunately malware pops up in the store now and then, and any smaller or even mid sized app could potentially be purchased by some shady company that carefully add or rewrites the code to pass through the checks.

On an older unit that is no longer updated I’d gladly run a scanner now and then just in case. And try to minimise the amount of important documents or other easily accessed sensitive data on a phone.

Or maybe you have Messenger on the phone and are screwed for life.

The permission system on Android is laughable. Apps that have nothing to do with other areas of the phone needs permission. Click it once and it has permanent permission, no one-time or custom permissions. The higher ups are like

BS, you can revoke permissions any time. If the app still works after that is up to the App Developer.

Also pro tip: don’t install apps that want all the permissions?

For the question at hand… as far as I know antivirus don’t really work on Android anyway due to sandboxing, one app doesn’t have access to what other apps are doing unless explicitly implemented.
Unless the antivirus runs on root it’s basically useless.
I’m not an Android guy though, that’s just the last thing I know of.

I’m curious how Android AV programs actually claim to work. I’d imagine they take advantage of root when available.

My guess is it works LIKE SELinux… In my experience with ESET anyways

Which doesn’t work in 99% of phones sold in the first place (for the user group they are targeting).

I thought Android already uses SELinux…

Another layer on top of another layer of security!
securitiception!

It’s suddenly bs because it’s possible to revoke permissions? It’s still status quo that most app’s don’t work after revoking and you know that, so why call bs?

Sure, that’s easy enough to say and looks good on paper. Nevertheless, most app’s still require much more than what is needed. Instead of for example, giving permission to all files, why not just one instead? Nope, cause there has to be a fine line between technicality and usage. Otherwise watch it plummet

Bruger is 100% correct, it’s very difficult to audit Android permission requests, and they often just won’t work if you deny them. That’s how Facebook recorded the metadata surrounding every call and SMS its Android users made.

You’re not allowing software to access a required feature and now it’s not working? egad!

You can revoke permissions from an application at any time. For example, My camera app wants permission to access the camera and the mic. I don’t want it to record audio, so I’ve not allowed the mic permission. It still works.

I have seen some apps that don’t let you use them until all the permissions have been accepted, but in my experience that’s the outlier.

That’s a new one for me, but not at all surprising. Let me get my helmet…

tin foil dome.jpg600x686 97 KB

Alright, now that that’s on, I’m safe. I can continue the discussion: We’ve pretty much known not to trust android apps since 2012. I’m not sure why people are freaking out about this sort of thing. If you’re using Facebook in 2018, you shouldn’t be concerned about security or privacy. You have none.

I think this is a good goal to strive for, but that’s going to require a fundamental change in the way Android is structured in order to achieve such a goal. I suppose SELinux could be implemented to allow such ACLs, but it’s definitely a complicated procedure and you’d probably require a lot more reboots after app installs than people would be satisfied with.

Don’t get me wrong, I’d love to have more fine-grained control over permissions, but something about it just doesn’t seem doable.

Yes, news came out last month.

So who is this “we”? I’ve been called a nutter for not having a Facebook account more times than I can count. I’ve had girls not go out on a second date once they hear I don’t use Facebook, because they assume I’m lying and have a second Mennonite family in rural Pennsylvania who I beat mercilessly with a willow switch. Lots of people use Facebook, and until very recently most brushed any privacy concerns away. They just didn’t care.

And really? They still don’t.

Friendly reminder that this is not the let’s bash android’s permission system thread

I didn’t say you were insane for using or not using. I just said that if you still use Facebook, you clearly don’t care about privacy or security.

I’ve never had that problem before. Sounds like they have major trust issues though. I wouldn’t call it a big loss. Don’t mess with trust issues.

Bringing this back around:

Since we’ve clearly shown that Android has (at least in our opinions) unacceptable permissions handling, it seems like android would benefit from some sort of watchdog software. Maybe Antivirus isn’t the proper term for it, but it probably needs something to safeguard the user from malicious software.

Agree, disagree, thoughts?

Not a great loss in ultimately finding my soulmate and growing old together perhaps, but in terms of more immediate satisfaction I was a bit frustrated!