Advice Request Do we really need AV on Android?

[ForgottenSeer 85911]

Google does not directly supply security updates to OEM phones

just one among many reports

146 New Vulnerabilities All Come Preinstalled on Android Phones

The dozens of flaws across 29 Android smartphone makers show just how insecure the devices can be, even brand-new.

www.wired.com

Android security is absolutely terrible
researchers have established it many times

Everything said here back in 2015 true today

87% of Android smartphones are insecure

Android is a desperately vulnerable system, and OEMs make it even worse by not providing critical patches in time

usa.kaspersky.com

"We should admit Android is a desperately vulnerable system. "

 

[ForgottenSeer 823865]

Ironically, on phones, Android (Linux based) is as vulnerable as Windows while Windows Mobile was safer, while on PC, Linux is safer than Windows...

 

[HarborFront]

Another similar thread here

Advice Request - Does Android device need Antivirus app?

Does Android device need Antivirus app?

malwaretips.com

 

[Local Host]

Android only needs an Anti-Virus as much as Windows, it all depends on the user.

Neither my Windows Desktop nor my Android Smarpthone need an Anti-Virus, unfortunally not everyone knows how to behave online like myself (in order to avoid malware).

 

[ForgottenSeer 823865]

Android only needs an Anti-Virus as much as Windows, it all depends on the user.

Neither my Windows Desktop nor my Android Smarpthone need an Anti-Virus, unfortunally not everyone knows how to behave online like myself (in order to avoid malware).

Sadly safe habits won't protect you from the rare case of hacked servers or compromised legit installers, you will need some safeguards.

P.S: you may need to update your config thread

 

[ForgottenSeer 85911]

Ironically, on phones, Android (Linux based) is as vulnerable as Windows while Windows Mobile was safer, while on PC, Linux is safer than Windows...

the abysmal Android security is due to the manufacturers not supporting the OS after a few years whereas the Linux community actively supports fixes on desktop
Android OS phone scam, scam, scam

 

[Outpost]

My opinion is that you don't need an antivirus.

Just common sense, don't install apps from unknown sources, an adblock and if you want a VPN too.

Catastrophic articles like those posted by @georgann94 "casually" are often written by security software manufacturers. What better opportunity to sell their products.

 

[oldschool]

Catastrophic articles like those posted by @georgann94 "casually" are often written by security software manufacturers. What better opportunity to sell their products.

And clickbait!

 

[ForgottenSeer 85911]

My opinion is that you don't need an antivirus.

Just common sense, don't install apps from unknown sources, an adblock and if you want a VPN too.

Catastrophic articles like those posted by @georgann94 "casually" are often written by security software manufacturers. What better opportunity to sell their products.

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Android

literally hundreds and hundreds and hundreds
actually thousands

Android is a cesspool

 

[Outpost]

Lots of bugs refer to third party apps, so Google is not responsible.

The question of the post is whether AV is needed on Android. You are moving the discussion about bugs and vulnerabilities. An AV does not protect against bugs and vulnerabilities. So going back to the topic, I think an AV is not necessary.

 

[ForgottenSeer 85911]

Lots of bugs refer to third party apps, so Google is not responsible.

lulzwut?

Yes, most of the exploits might involve 3rd party apps, but it is Android itself that is exploited. So yes, Google is responsible.

That's why it gets reported to Google so it can fix it.

I asked you not to bother me. But you keep doing it. I'm asking you one last time to stop harassing me.
Thank you

 

[ForgottenSeer 85911]

And clickbait!

Really ?

MalwareTips is full of clickbait fed by MT members that monger clickbait ?

Nasty Android malware reinfects its targets, and no one knows how

A widely circulating piece of Android malware primarily targeting US-based phones used a clever trick to reinfect one of its targets in a feat that stumped researchers as to precisely how it was pulled off. xHelper came to light last May when a researcher from security firm Malwarebytes...

malwaretips.com

146 New Vulnerabilities All Come Preinstalled on Android Phones

The dozens of flaws across 29 Android smartphone makers show just how insecure the devices can be, even brand-new. When you buy an Android smartphone, it’s rarely pure Android. Manufacturers squeeze in their own apps or give it a fresh coat of interface. Carriers do it too. The resulting stew...

malwaretips.com

Critical Android Bluetooth Flaw Exploitable without User Interaction

Android users are urged to apply the latest security patches released for the operating system on Monday that address a critical vulnerability in the Bluetooth subsystem. An attacker could leverage the security flaw, now identified as CVE-2020-0022 without user participation to run arbitrary...

malwaretips.com

Microsoft Outlook for Android Gets Spoofing Vulnerability Fix

Microsoft has released an update for Microsoft Outlook for Android that fixes a spoofing vulnerability in the application that could allow an attacker to compromise the device. This new vulnerability is titled "CVE-2019-1460 | Outlook for Android Spoofing Vulnerability" and it allows potential...

malwaretips.com

Critical Bug in Android Antivirus Exposes Address Books

Comprehensive testing of 21 free Android antivirus apps revealed big security vulnerabilities and privacy concerns; especially for AEGISLAB, BullGuard, dfndr and VIPRE. A slew of popular free Android antivirus apps in recent testing proved to have security holes and privacy issues – including a...

malwaretips.com

Academics find eight vulnerabilities in Android's VoIP components

The vulnerabilities can be exploited to make unauthorized VoIP calls, spoof caller IDs, deny voice calls, and even execute malicious code on users' devices. A team of academics has found eight vulnerabilities in the Android operating system's VoIP components. These vulnerabilities can be...

malwaretips.com

Android Trojan Kills Google Play Protect, Spews Fake App Reviews

An Android malware strain camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more. The heavily obfuscated malware dubbed Trojan-Dropper.AndroidOS.Shopper.a uses a system icon and the...

malwaretips.com

I will stop here as there are literally hundreds and hudreds of post here of Android vulnerabilitys.

 

[Outpost]

I asked you not to bother me. But you keep doing it. I'm asking you one last time to stop harassing me.
Thank you

Although your Ego is constantly trying to convince you that you can decide who can talk to you and who can't, I remind you that in real life, as well as in forums, it doesn't work like that.
Even though it may seem impossible, I live very well without you and I don't feel the irrepressible need to talk to you.
We are discussing and if you are mentioned in the discussion is part of the game and life in the forums.
Get over it.

 

[ForgottenSeer 85911]

I live very well without you and I don't feel the irrepressible need to talk to you.

Then be a real man and stop bothering me here.

 

[Outpost]

Visitors bring an assortment of phones to my network - So I do get a little concerned about unknown devices being connected (Jail-broken etc)

If your network is private (home or office) you shouldn't allow connection from unknown devices.

 

[RKRN3]

AVs do more harm than good in Android. An Average Joe using an old phone for YouTube or WhatsApp will never get infected even if the Android version is old. Like, I have seen many here with phones running on Android 2.3 last year. They never did any shady stuff and their phone were never infected.

 

[ForgottenSeer 85911]

AVs do more harm than good in Android. An Average Joe using an old phone for YouTube or WhatsApp will never get infected even if the Android version is old. Like, I have seen many here with phones running on Android 2.3 last year. They never did any shady stuff and their phone were never infected.

Android AVs are worthless
most use simple application whitelists\blacklists with some fake buttons
however, literally millions upon millions of Android phones are infected yearly
the problem is a huge epidemic
the best Android malware will be undetectable such as FinSpy

but just as Tavis Ormady say "Android will bring the first billion dollar whopper"
meaning he first billion dollar stealing malware will likely be on Android

the issues with Android are systemic and structural
they cannot be fixed unless there is a haulover of the Android licensing system
putting AV on Android is utter waste of time

 

[JohnR]

Keep attack surface area to a minimum by refrain from a bout of 'Installappitis', an eye on permissions and regular updates of software/the few apps you truly need, personally, I have never had any problems.
No need for an AV IMO, lest you desire go look for trouble and duly find it.

 

[Outpost]

Tools like FinSpy are running on Android, Apple and even Windows. They can be installed by downloading malicious email attachments, fake apps, exploits or with physical access to the device. So being cross-platform, it is not a problem specific to Google OS. Apart from exploiting exploits, the rest of the infection path, like the rest of malware, can be easily solved by introducing a security layer called brain.

 

[ForgottenSeer 823865]

The rest of the infection path, like the rest of malware, can be easily solved by introducing a security layer called brain.

Brain is only viable for security geeks who have learned to differentiate a fake apps from a legit one.
There is no way for Average Joe to distinguish one from the other, even Google team can't do it properly (hence all those articles of malicious apps), how AJ could...?