Android and AntiVirus Apps

Hi there,
Antiviruses on Linux / Android are a fake :smiley:
Since I used Linux back in the 90s, there has never been a virus like "I love you" on Windows. Windows RTC stuff was great, where they could take control of your PC over the internet.
Sellers of antivirus made their money on Windows.
Android is based on Linux software, and if you have an updated Android, it is the most safe you can have. Mac is based on FreeBSD (Linux-like), same for PS5… There is no serious device not based on Linux… Except Xbox :slight_smile:
So Fairphone pretty much solves it all with 8 years of Android software updates.
I recommend this very informative video on John, it's not a fake. Check as well John's story on Netflix. You'll find an explanation of how John pushed the fear of the virus further… and MIGHT have contributed to some viruses too! :smiley: https://www.youtube.com/results?search_query=JOHN+MCAFEE+

I am not saying that hackers and system vulnerabilities do not exist ;) The idea of an operating system is to provide you a safe place to… operate… If it's not the case you should change your OS, not add crap on top of it (like lately the super Windows protection software that blocked many Windows)

3 Likes

That may be. But ever since I’ve been with AVG on Android, it has managed to find several issues related to viruses and malware, mostly due to outdated Android hardware. It’s not easy affording new hardware all the time. About the time Spectrum and Meltdown were leaked, I had been hacked using the new method found in the chips on Android. AVG did warn me to shut down the phone, which helped me out. They can’t get you if the device is off. Interesting how a useless app can find things. I ended up changing all my account passwords, which took a while. Also enabled two factor to any accounts that hadn’t implemented it during this time. I have since been subscribed to them for 8 years now. Unlike McAfee, which never detected anything on Windows. I considered that one a useless product. The same with Norton. Windows Defender is not completely the one to go to today. It’s always safe to at least have a spare program to run extra scans for peace of mind. There is some truth to your statement. But I would have to disagree with part of it. There are times when the apps are useful to have. I just think that some apps are out just to take advantage of your wallet. Here is a video even stating that Macs can still get viruses.

It may be old but true. It’s always good to be sure.

1 Like

Obviously anything and everything can get malware. The question is whether or not it will happen in practice and mobile + Mac just ain’t getting infected.

To get infected on virtually any OS today you need to download and run the file yourself. Even on Windows.

Or click a link. The only thing I figured was a ransomware attack of some kind. They were everywhere a few years ago attacking meat plants, power plants, and hospitals here in the USA around that time. I was probably unlucky because I used the hospital wifi to watch videos without a VPN. Goes to prove how secure those are. That’s a good reason to use a VPN. I was just stating that they can be useful. A true story from my life experience. The only thing I know for sure is I sure didn’t click on any links that I thought were not legitimate links to webpages on YouTube. Even I know to enter the website’s name along with the .com at the end. The browser also used the www. as the header to the website years ago. Nowadays it’s anyone’s guess. The header can be many different things today. That’s one of the reasons they removed the header as a requirement in later versions of Chrome. You just type the website’s name now to get the website due to autofill doing the rest. You don’t even need to state .com or any other domain requests anymore these days. This can lead to wrong redirects though using the browser. And as of now still persists today thanks to these updates. Like how Apple changed the header for their tv app to tv. Apple .com for their tv app as an example. I didn’t make the link clickable just in case this has since changed. You can still look it up in any search engine if you want to. I just want to play it safe.

2 Likes

Sorry, but sometimes I wish there was an option to award “bllsht” points in this forum. :sunglasses::smile:
:innocent::innocent::innocent::innocent::innocent:

6 Likes

I get the picture. But it was honest. Everyone has their reasons and opinions I guess. I hope the videos I posted in edits lend me some credibility that I was honest about cyber attacks as well.

1 Like

My most recent examples are my dashcam companion app including malware in an update through Google Play and my attempt at finding a functioning version of the old Galaxy/black hole live wallpaper as an APK. Both times my antivirus detected the apps.
Another time was back when I used random China phones; I had one that shipped with spam malware embedded in the OS.

And everything needs its own app nowadays, developed cheaply by some random software sub-subcontractor. You never know what you’re going to download. So at least some protection is better than none.

Theoretically possible != Will happen in practice if you have an up to date browser and OS.

Have you tried searching online for an old version? Then sideload the .apk file. It’s most likely a trial and error thing. Based on what I know about Android now. The safe bet is there. Google has a nasty habit of removing perfectly functional apps from the app store. This happened during the changeover from 32-bit to 64-bit code. 32-bit is completely compatible with Android, backwards compatibility baked in the code, unlike iOS, which did the exact opposite and chose to only support 64-bit versions of apps. However this wasn’t the case with the original iPhone and its 16-bit code. The increased bit size and limitations in hardware were to blame. Fun fact: Windows 11 still offers a 32-bit OS for backwards compatibility with 16-bit programs of the old times. With Android it was capable of supporting 16-bit due to some company’s hardware choice before just being mainly of Qualcomm chips of today. The more you know. There is no reason why 32-bit can be supported. It’s just that the code of any software has to have some sort of 64-bit support for it to be compatible today. A few years ago Google made a design change to require those apps to have some code, thus breaking any apps that didn’t have it. It was mentioned in a video a while ago. I don’t really remember the title to look it up. I had to search an archive just to find the other videos. CNET doesn’t do that program anymore. It didn’t make enough money to continue supporting the show was the reason given. It may be difficult to find it. The point I’m making is as long as sideloading is still possible, the apps can be loaded. It just depends on the code of the app .apk file if it would still work on newer versions of Android. You just got to find one that doesn’t have malware in it. I’m surprised Asphalt 7 Heat had the very issue with it. It was too old to run on Android 14. Funny, I can still run the same program on Windows with no issue. It’s the full game .apk and with Android support it runs flawlessly.
A bit of advice from an old timer who knows his way around things. I hope that this helps you with your problem mentioned in your last comment.

The “Only Windows gets viruses, [My Favorite System] is totally safe” trope is old and so totally wrong… Every OS can be hacked, but the likelihood of it actually happening increases with the installed user base, because, well, profit.
In other words, Windows will get a lot of attention, because it covers about 80% of personal computers out there. Haiku on the other hand will most likely be ignored, because there isn’t much money to be made hacking it.

So, the conclusion is:

  • MacOS is not safe, far from that: The installed user base is big, and there is a lot of money to be made since Mac users are usually wealthy (have more money to be stolen)… They are also usually totally ignorant, so they make easy targets.
  • Linux is not safe, far from that. It has an ever-growing user base, and unlike in the past where Linux users were IT buffs, now there are a lot of clueless amateurs using it. Also, many professional servers run some flavor of Linux, so there is a very active ongoing search for vulnerabilities. Hacking some private persons’ bank/cryptomoney account with the same tool is just an added benefit.
  • Android is not safe, actually it’s probably the most unsafe of all. It has a huge installed user base, which means lots of profit. Also, hacking somebody’s phone is hacking his very daily life: Not only can you siphon off his money, you also know what he’s doing, where he is, who he meets and what he says. Which is why there are literally hundreds of thousands actively searching to hack Android, from jealous spouses to nation-state intelligence actors wanting to be able to spy on specific people.
  • “I’m not a target, who would want to hack me?”: This is utter nonsense. Actually you are the ideal target: naive and arrogant! You might not have millions to steal, but certainly enough to justify the 2 seconds of time investment it would take to commandeer your computer/phone. Either to steal your money (you must have some), or to just use it as a front end for illegal operations (hacking, terrorism, child porn, you name it). You might get ruined, even go to prison, or maybe not even notice it, but do you feel lucky?
  • Antiviruses are not a silver bullet. But they are still better than nothing. Most virus makers test their viruses to evade detection, at least for a while. Which means that if you check a file with one antivirus and it says it’s safe, it doesn’t mean another antivirus won’t detect a problem. That’s why there are services like VirusTotal, which scans submitted files with almost a hundred different antivirus solutions. But even if a file comes out clean (or is declared infected) by all the antivirus solutions out there, it doesn’t necessarily mean much: It could be a false negative or positive, but at least you’ve got some information to base your decision on.

All miscreants live from the assumption that “such a thing couldn’t happen to me”, which causes people to leave their valuables in view inside a parked car, click on any strange email which comes in, and all that. Those utterly naive (to remain polite) people are the food which keeps the criminals thriving and fat. Cull them and crime will become much less profitable.

The solution isn’t rabid paranoia, it’s healthy suspicion. Don’t assume everybody will go out of his way to make you happy. You aren’t special, sorry. There is no such thing as a free beer, and life is the subtle and often difficult balance between your interest, and the interest of all the people around you. Assume people will want to eat your slice of the pie more often than offer you theirs.

10 Likes

What helps is being cautious about suspicious requests, messages, calls and so on.

IMO Antivirus Tools on any OS tend to open new security breaches as they need to hook very deep into the system. However, the update and security policies of the AV vendors are far from being good.
And all with the side effect that running such a tool causes more power usage, noise and sometimes even makes the systems that it is supposed to protect unusable.

I call those tools Snakeoil and everybody who believes in the benefits should use it (and pay for it :wink: ).

2 Likes

On Android, there’s no way for antivirus software to “hook very deep into the system”, because user-installed apps are prevented from accessing system files (which is why rooting your phone is a thing). Which, incidentally, is also why it’s pretty much useless on Android - it won’t be able to properly detect malware, and even if it did, it won’t be able to do anything about it.

7 Likes

To add to this, the single thing you can do to make your phone a step more secure is to restart it at least weekly. I personally restart it every other day and I’ve been doing this for quite some time.

Why is that? Because if you’ve inadvertently clicked on something or a zero click vulnerability found a way onto your device, it is most likely running in RAM and unable to reload after a phone restart.

It is the easiest one of 13 actions the NSA suggests to improve your personal phone security.
https://www.howtogeek.com/the-nsa-is-warning-you-to-restart-your-phone-every-week-heres-why/

1 Like

My point was that today you’re infinitely more likely to get phished than you are to roll onto a website with a zero click that takes over your fully updated device.

Doesn’t mean the risk of that happening is zero, I’m just saying that assuming you don’t actually download and install anything then it’s incredibly unlikely you get infected.

With that said, it still happens daily. Especially since some people just won’t update their devices. I’ve had a few good laughs at work when I’ve realized that some coworkers haven’t updated their devices since they bought them.

And as others have commented, this is a thread about AV and on Android it’s pretty much useless to use an AV since they are sandboxed like everything else.

But since we are both using Fairphones we are likely living dangerously at this very moment seeing as we are months behind on security updates that in some cases are trivial to use against someone.

Unfortunately the problem isn’t as simple as that: Definition-based antivirus programs look for specific characteristics (think mug shots of the wanted criminals), and virus creators go out of their way to make sure their latest virus version doesn’t look like that.
Without going into boring technical details, there are programming methods to make code look like it doesn’t do what it actually does, or at least prevent understanding what it does.
Virus creators use the aforementioned VirusTotal too, and they don’t release their newest version before no AV sees anything to complain about. As soon as their product (viruses are commercial products now…) starts getting detected (couple days or weeks), they stir the code around and release a new, undetectable version. And so on.

There are also behavior-based antivirus solutions (usually all major AV solutions do a mix of both), but the behavior-based detection is very difficult to get right, because some programs are supposed to do things you wouldn’t want a virus to do (delete files, connect to Internet, etc.).
For this reason they require some in-depth knowledge to be used to their full potential, but on the other hand they don’t depend on definitions, and will detect suspicious behavior no matter how well the code was obfuscated.
Instead of checking if somebody is on their “wanted” list, they will simply arrest anybody caught doing bad things…

(Being overly pedagogic and verbose because most people here aren’t IT-savvy)
My point is, as I said above, that while AV is definitely not a silver bullet, it is definitely better than not having one. I know far too many (non-IT) people who called me at strange hours because their AV gave an alert. Only 1% of those were false alerts… :man_shrugging:

True, the only moment they can scan a program on recent Androids is while you’re downloading and installing it. After that it’s out of bounds.
But as I said, better a bad detection than none. It helps for instance against droppers, i.e. apparently innocent (and clean) programs which some time later (days, weeks) silently download and install the actual malware.

True, many exploits are not permanent, they only reside in memory (no file on disk).
Unfortunately, while servers are almost never rebooted and there is no need to achieve persistence there, computers and phones are much more often restarted. So for those, once they have managed to gain a foothold, miscreants will immediately try to install a rootkit (virus starting before the OS and thus undetectable and indestructible). :frowning_face:
That being said, at a time I had reasons to be a little more paranoid, I rebooted my phone every evening indeed.

That is true! But there is no easy one-click solution to human stupidity… :smile:

That being said, installing a keylogger which will steal your banking passwords (and most importantly, your cryptocurrency wallet!) is still a very popular “get-rich-quick” scheme.
Viruses aren’t just your grandfather’s threat yet… :laughing:

1 Like

I offer a very basic anti-malware app for Android.
It scans files as they are created for matching hashes of malware and can also optionally scan all links on screen.
It is fully FOSS and never ever sends any of your files or their info anywhere.
Download: Hypatia | F-Droid - Free and Open Source Android App Repository
Stats: https://divested.dev/MalwareScannerSignatures/

If you do want a more proper one, Sophos Intercept X seems the least privacy invasive of all the proprietary ones.

But regardless, please keep your system and apps up to date.
See also these helpful guides from the NSA:

3 Likes
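Hash matching as described in the post above, and the limit of definition-based scanning raised earlier in the thread, shown as an added example (not Hypatia's code and not written by any poster). The blocklist, file names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # read size; keeps memory flat for large files


def sha256_file(path):
    """Hash a file in chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, known_bad):
    """Return {relative_path: sha256} for files whose hash is in known_bad."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks and special files; only regular files are hashed.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file: nothing to report
            if digest in known_bad:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits[rel] = digest
    return hits


def demo():
    """Build a constructed directory tree and scan it against a one-entry blocklist."""
    flagged = b"CONSTRUCTED SAMPLE: stands in for a file on the blocklist\n"
    known_bad = {hashlib.sha256(flagged).hexdigest()}  # constructed signature set
    samples = {
        "Download/update.apk": flagged,               # byte-identical copy
        "Download/update_v2.apk": flagged + b"\x00",  # differs by one byte
        "Pictures/photo.jpg": b"constructed benign content\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return scan_tree(root, known_bad)


if __name__ == "__main__":
    print(demo())
```

Only the byte-identical copy is reported. The file that differs by a single byte hashes to an unrelated value, so exact-hash matching catches files that are already catalogued and nothing else.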

The NSA doesn’t seem to have heard of malware scanners for mobile devices?
:sunglasses:

@llluuuzzziii
The NSA in their guides like that tries to be vendor agnostic and not recommend any specific tools.

But yes, as mentioned above, malware scanners on Android are extremely limited in what they can do, so it is hard to say if they are that beneficial.
I still think there can be some value in them, as long as there are actual security measures before them, i.e. modern hardened Android with latest security patches & updated apps.

I am not referring to those differences. What I was writing about is that the so-called security tools very often lack security themselves, but as they are hooked deeply into systems those insecure tools have much wider permissions than normal applications. And that is a disaster in terms of IT sec. Instead of increasing security they minimize it.

2 Likes

My point exactly! :smiling_imp:

I know, I just thought I’d explain the general situation to the less savvy people in this forum who will be coming here to get an opinion. Viruses and antiviruses are a domain fraught with superstitions and false beliefs. “Here be dragons”…

Now about the problem you mention, it’s true any app can be a potential point of ingress, especially dangerous if the program has extended privileges.
But on Android this isn’t so important because those antivirus programs don’t run as root. The reason they can’t really do their job on Android is also the reason they can’t do much harm…
It’s mostly on Windows and MacOS they could do some serious harm. That being said, it’s usually better to breach the main OS than to transit through the AV solution, because there are hundreds of AV solutions out there, so targeting one of those will severely limit your ROI (return on investment). Don’t forget virus writers are shrewd businessmen (and -women), the time you wrote a virus for street cred and lolz is over.