Discussion on:

How effective is antivirus software on smartphones?

While Mr. Lambert makes some valid points about how modern phone operating systems are more secure than their traditional desktop counterparts are, he glosses over some very important facts and in doing so draws some incorrect conclusions about the effectiveness of and the need for antivirus on your mobile phone. I'd like to touch on a few things Mr. Lambert claims, starting with: "...each app is given its own work environment, and is unable to access other apps data...This, by itself, is a huge security improvement, and means that no malicious software can do much harm by simply being installed."

The statement that scares me is his claim that apps cannot access other apps data, and therefore malicious software can do little harm by simply being installed. This is incorrect on a number of levels, and the fact that this was published by a journalist on a major, well-respected blog in a forum on security no less, really shows the lack of understanding of the mobile space by traditional IT professionals and its potential impact on the enterprise. I would go so far as to say that it is this kind of lack in technical depth and expertise in this new frontier that makes mobile antivirus a must and the potential for danger so high.

Yes, by design Android and iOS force 3rd party apps only to run in and interact with data in their own process space. This is called sandboxing and is in fact a huge step forward over a traditional desktop OS when it comes to preventing viruses and attacks. However, in reality there are still threats, and while not as many as occur on the desktop, the fact of the matter is these threats are often more dangerous, because the system tends to operate under the assumption that it is immune from any ill-will.

At least on Android ANY app can get a list of all other packages installed on the phone. Apps can also "subscribe" to system events, such as "hey a new app was just installed". Mobile security apps use this event to initiate a scan and profile of an app whenever the installer is invoked, whether the app comes from Google's official market or is side-loaded.

Again I'm speaking about Android specifically here but there is also a necessary and sometimes misused OS mechanism called an Intent Receiver. An exploit of this particular mechanism and a serious permissions problem was uncovered right here in this forum a number of months ago (http://www.techrepublic.com/blog/security/androids-permission-system-does-it-really-work/6322). Apps advertise "intents" available to other apps and this gives the apps a way to interact with one another.

On top of this both Android and iOS have space for global data storage, so again there is some potential for doing damage and cross pollination here. I'm not saying that viruses are rampant on smart phones--they aren't. But that doesn't mean its okay to be lackadaisical and just hope one doesn't take hold. Especially when perfectly good tools like Lookout (http://www.techrepublic.com/blog/smartphones/lookout-provides-security-and-anti-virus-for-your-android-phone/3335?tag=content;siu-container) can be obtained at no charge.

The second and even more alarming claim made in this article is: "So right away, the potential for trouble from a single app is fairly limited. But it also means that theres not much an antivirus could do either. Any antivirus software you install on a phone would not be able to scan any other app, or any data used by those apps."

As I already stated, antivirus packages on a mobile phone can and do scan other apps. Not on a byte-by-byte basis like a traditional OS antivirus does, but rather at a package level, where it looks for signatures of known threats, as well as repackaged threats, examines permissions, and can if needed review exposed intents. And while a virus on your phone may not be able to get into another application's sandbox (generally as there cases where even this safeguard has been circumvented), it most certainly can wreak havoc across your shared data store, this usually includes your photos, videos, etc. And unlike your traditional desktop malware, a threat on your phone could do things like sms message all your photos to all your contacts. If that's not a security issue, I don't know what is.

When a threat is detected, as Mr. Lambert pointed out mobile antivirus cannot simply uninstall the infected application. What he failed to mention though is that through the use of the intents we talked about earlier, antivirus can and does launch the uninstaller with the parameter of the offending application. So yes, technically it is the OS uninstaller and not the antivirus process that is doing the threat removal. But let's be honest does that make difference? The antivirus is still catching the threat and initiating the action that gets it off your phone. In my mind, that's a check in the "it works" column.

Perhaps the most perplexing statement to me in the article is the single sentence: " There is antivirus software out there for iOS and Android, but unless you jailbreak or root your device, their abilities are limited." Honestly I can't help but think Mr. Lambert has never actually done a jailbreak (or root in the case of Android), on one of his phones. If he had, he would know that the this is often accomplished by downloading a jailbreak app!

I hope I'm not the only reader to see the irony here. Mr. Lambert points out that when a phone is rooted, there is then a potential for serious damage. Yet he says not to worry as long as you don't root the phone, ignoring the fact that you often get the phone into a rooted state by running an app. So if you could simply download an app that roots your phone intentionally, why then would he think it was inconceivable for someone to unintentionally download an app that rooted the device? Because bad guys always label viruses as such before submitting them to the market? It doesn't take a great leap of logic to conclude that smart phone malware can and periodically does jailbreak the device unknowingly to the user.

Again, I'm not trying to say that the sky is falling, that smart phones are not safe, and that you should never allow a smart phone to be on your company infrastructure. In fact I'm agreeing with Mr. Lambert that modern smart phone operating systems tend to be significantly more secure than their desktop brothers and sisters. That said, Mr. Lambert proves here that in many cases smart phones operating systems are significantly misunderstood, even by professionals in the industry. Installing antivirus on your phone is one measure you can take to help protect yourself against both malware, and the massive amounts of misinformation out there. Most antivirus packages for smart phones offer a free version for personal use and it only takes a few minutes to set it up. Am I the only one who disagrees with Mr. Lamberts conclusion that installing antivirus on my phone is not worth the effort?

I believe your right about iOS. But on Android you dont need root to let AV scan apps (an AV can be granted higher permissions, if I??m not mistaken). The AV that I??m using is scanning apps on installation. And yes, there are several viruses for Android. And despite sandboxing - as long as Google Play supports the "good app gone bad" model we still need AV. I favour Android myself, and believe the best protection is reading and understanding app permissions.

I??m not that familiar with iOS. The beigger risks as I see it are iOS users that believe it??s a secure environment, and Apple not revealing vulnerabilities.

Could you take a look at Tim Wyatt's 4/3 post on the Lookout blog and explain how "right now there hasn???t been any real virus on modern smartphones"? The malware variant Wyatt describes uses a malformed JPEG to gain root access to the OS, then downloads and installs a payload app. Is this not virus behavior? Or maybe you don't consider Android prior to 2.3.4 to be a "modern" smartphone OS?

Authorwfi I agree with you I could not believe what I was reading I am only learning security and it did not ring true, I don't trust cell phones on my network I know it comming, also I have AV on my Droid gave it full permissions it scans all app I have (that's not many ) alo I have no info on phones

Incredible optimistic story.
If Apps can only access their own work environment, then how come the Official Twitter App can just copy my entire address book onto their servers?
And under a PC OS (Windows, Linux, Mac OS X), RAM is not freely accessible at all. Each application is given its own area by the OS. It can only access the RAM through the OS.
The Chrome Browser also restricts access to other parts of the system.

I was about ready to say: "Forget it" to the idea of installing anti-virus software on my phone. Then I read the response to this article.

The antivirus software is very important for smartphone as it protect it from all sorts of virus attacks. I completely trust the antivirus for smartphone as i myself use it and have never faced any virus attacks. I use Immunet smartphone antivirus software and i am always away from any and every virus attacks.

In the internet market there are many mobile security for smartphones , For my android smartphone i have choosen the mobile security called comodo mobile security which as the best privacy , and security options

Helpful article discussing how effective antivirus software on smartphones. As more & more data is stored on smart phones. This will be a growing concern.

Thanks for info, author. I am happy to know we continue to have a wide variety of mobile security apps to choose from. At the moment, I am using AVG's mobile security apps.
http://www.avg.com/antivirus-for-android
It seems cool. I have not noticed any slowdown. It scans automatically every app I install, plus few other great functionalities. I will be happy to try out other options though, if need be. Information well appreciated.