reported that a game called Tap Snake, available in Android Market, was actually a mostly harmless piece of spyware. I took to the opportunity to test a few of the anti-malware apps available on the market: antivirus free from droidSecurity, Lookout, Symantec's Norton Mobile Security for Android beta, and Smobile. I was also going to try SmrtGuard, but I couldn't get the app to activate before Tap Snake was removed from Android Market. Of those four apps, only one detected Tap Snake as a potential threat.Last week Sarah Perez
Surprisingly, Lookout was the only app that caught Tap Snake. I say surprisingly, because Symantec definitely knew about the app by the time I conducted my tests on the morning of August 17th. droidSecurity, SmrtGuard and Symantec did not respond to inquiries as to why their respective apps failed to detect the spyware.
It's important to note that one is an incredibly small sample size, and it's hard to judge a security solution based on one case study. The apps also have other security features, such as backup, device location and remote wipe, that are worth considering.
How I Tested
I downloaded and installed each app from the Market and activated it and made sure it was ready to go, then I tried to install Tap Snake from Android Market. After each test I removed both Tap Snake and the anti-malware app before installing the next anti-malware app. I tried Norton multiple times due to my disbelief that it wasn't detecting App Snake.
Do Enterprises Need Mobile Anti-Malware Solutions?
Forrester analyst Andrew Jaquith, in his report on iPhone security for enterprises, claims mobile antivirus is a waste of money. He may be right. Tightly controlling what apps can be installed - whether using BlackBerry Enterprise Server or a third-party solution - will probably be adequate for most enterprises.
So far, the instances of malware for Android and iPhone have barely progressed past the "proof of concept" stage. CERT warned about BlackBerry malware proofs of concept as well (in fact, Blackberrysync once found Smobile more effective in catching BlackBerry malware than Lookout, though Lookout claims it's fixed its BlackBerry product since then).
However, if security managers really want to give users the ability to install applications at will, anti-malware apps could be deployed and required through an enterprise device management solution, or simply required by organizational policy. Of the anti-malware solutions I looked at, only Smobile has an enterprise solution at present, but Lookout's CEO John Hering says an enterprise product is on the company's road map.
Update: DroidSecurity's CTO, Dror Shalev followed-up with us with this to say: "From technical point of view, we added net.maxicom.android.gpsspy on 8/17 after reading Sarah Perez's post at readwriteweb.com. We identified that 6 users in the wild downloaded this before we added this malware to our block list. We put up a security post on our site on 8/19."