Android OS does not need Antivirus Software

Hey folks!
README

Spoiler

First i don't want to know what Antivirus Software (AV) you are using on your mobile phone or what you are prefer to. And I don't want a s**t talk without proofs or with speculations or personal attacks against other users because they may have a different opinion than you. And this is only for Android, don't talk about iOS, Sellfish, Ubuntu or other mobile systems.
Please respect this little rules or I will immediately report you to the Moderators!

Why i wrote this?
On almost every major tech blog, I have been blasted with reports that show that Android malware is exploding. That would explain why antivirus apps are some of the most popular on the Google Play store. However, your phone does not need antivirus and I am going to tell you why.

- In fact, 99.5% of malware came from outside the Google Play Store. -
- The majority of problems arise from the installation of ‘cracked’ applications from 3rd party market places which are often bundled with malicious software. -

What makes a AV?
Android antivirus programs are mostly used for:

• Anti-Theft
• To know any issues with settings in the phone (Faulty or unchecked settings)
• To know which apps are using network, wifi, GPS etc through privacy advisers
• Will block malicious websites that are suspicious.
• Provides call/sms blockers.
• Firewall/iptables.
• Block Start-Ups.
• Encryption (ordinary algorithms like AES)
• Block malware/spyware and many more ...

What are the disadvantages?

• Those applications use lots of your resource (CPU and RAM).
• There is no total security.
• Suck battery life and make the phone laggy and sometimes interrupt the processes.
• Security through obscurity
• Do not forget to keep it updated because new viruses and threats appear all the time.
• They tend to collect information about you - Carrier IQ.
• False positives (it will occasionally identify legitimate apps as malware).

Self-protection?

• Do not download apps (.APKs) from untrusted sources. Places such as 4shared and uploaded are not recommended places for downloading APKs and apps (Drive-by). The person uploading the APK could have modified it before uploading. This could be a virus or even a keylogger which records everything you type. Stick to trusted sources such as the Google play (Android marketplace) or the Amazon appstore.
• Always keep your Bluetooth off unless required.
• Android 4.2 or higher also blocks apps from sending premium rate text messages.
• Newer 'non Stock ROM's' like Cyanogen (CM) are bundled with an Privacy-Guard.
• Do not root your device until you know what are you doing!
• Apps (Framework-patches) can help to protect your personal data, but you need to know what are you doing (experts only! - because some apps may not working anymore after that or you will see a force close or similar problems). Good Apps are XPrivacy, OpenPDroid, PDroid, PDroid 2.0 or PDroid Manager.
• Ad-Blocking Hosts file, you don't need any AdAware app, this does the same without any resource hock.
• AFWall+ is a iptables based firewall, it's free and only for root users.
• Read Required Permissions Carefully Before Installing Apps: Apps on iOS do not get privileged access to system resources outside of the ones carefully assigned by Apple. Apps on Android, on the other hand, have deeper access to your device and you must be aware of what permissions they require. These can be read after tapping Download and before tapping Accept & Download in Android Market. If you’re downloading a live wallpaper app and it requires permissions for location via GPS, then you should stay away from it.
• Many stock, aosp, aokp roms are bundeled with an in-build encryption function, this will help if lose your phone. If your phone does not contain this function, you should try DroidCrypt , FreeOTFE , EDS or LUKS Manager.

Can you help me on with this patches?
No, it's already explaint trouth the threads and google many many times. And if you have to ask, don't use it. It's not for beginners!


Antivirus is up to you!
Maybe some users are unfamiliar with Linux distros, but these operation system actually don't need any antiviral protection since the teams working behind these OSes are really called developers! They always work hard to fix these OSes (operations systems) and make them more secure with their daily updates (and we don't pay them a $, surely not like the amount of $ spent on Microsoft) because they care about us and as they want to feel free filling their computers with private data they want us to feel free too.

The thing is, lots of people have Windows installed as their OS, and they know that antivirus is a must! That is why when buying a smartphone (smartphone has a continuous internet connection - the "distribution center" of the viruses) they automatically feel the need for an antivirus, and maybe they are right, I bet that there are at least 20 private photos and 2 private movies and God knows what types of email and messages you send via your new smartphone! And that's not including those who actually integrate their phones as a part of their work (they are forced by law to keep any work documents in a safe places).

I am sure that if you follow these directions, you won't be needing any antivirus app in your smartphones, but if you suspect that your going to miss something, and you feel pretty protective for you data and smartphone, I suggest you don't take the risk and apply the needed (and proved!) protection for your device - but expect for some battery drains for it isn't a perfect solution for mobile devices.


Conclusion
That’s it, really. You and only you are the best antimalware, mobile security solution for your Android device. Apps like Lookout Mobile Security and avast! Mobile Security only add an extra layer of security which, to be honest, you don’t need.


Now .... What did you think about AV + Android? Tell us!


Links:

• Android Does Not Need Antivirus; Google Official Lashes Out at Vendors - devicemag.com
• Google employs Bouncer for Android Market malware - techradar.com
• Security Through Obscurity: How Secure is Security by Obscurity? - netsecurity.about.com
• Detailed Test Reports - Android - av-test.org
• RSA: Do You Need Mobile Anti-Virus? - esecurityplanet.com
• Anti-Virus Software is Snake-Oil - rookcifer.blogspot.de
• Do you need antivirus on Android? We ask the experts - digitaltrends.com
• Do You Really Need An Antivirus/Security App On Your Android Device? - redmondpie.com
• Is anti-virus software needed for my Android smart phone? - telegraph.co.uk
• The NSA Has Inserted Its Code Into Android OS, Or Three Quarters Of All Smartphones - ************
• Android vs iOS - pittsburgh.issa.org (PDF)
• Android Technical Information - source.android.com
• Researchers bypass Android encryption by exposing phones to freezing temperatures - appleinsider.com

 

Well, the main problem is that this need an custom kernel that supports dual-boot. I know there are some apps that brings support for dual-booting but we need root for this and this also not working on all devices.

Yes, but today it's almost impossible to do it. For example most users use gmail, online banking apps and many more apps on there mobile devices and it would be an security issue to use this on a rooted device. The only thing you can do is to use fake accounts or/and not use any app that need your private data (banking apps).
But if we gonna to do this we lose the convenience retrieve all of our data on the go ...
It is easier using our apps to retrieve our data simple and quickly every time (without booting our PC).

Yep, that's the reason i attached the "Snake Oil" article. I also don't believe in AV-Software, not on PC or mobile devices.

Here, again we need root. If we have no root the firewall will not work properly. And the Avast firewall are based on Droidwall (iptables firewall). You also need init.d and iptables support from the kernel itself. If not, it will not work (or with huge limitations -> init.d for start up data leak protection and root to access the iptables itself).

Yes, sure. But don't get me wrong, but how can this protect user? I mean an full wipe or factory reset does not protect from stealing data and submit it through our existing i-net connection. This only helps if we think that our device is infected by some malware. But malware is not the problem, not on PC or mobile because the real problem is that the personal data could be transmitted to any servers.
There is a huge hole i already wrote about, that any (ANY!) app can bypass the firewalls (any at the moment!) before the OS starts and nobody know how to solve this. This means that every app can transmit any data on any time to the servers before the firewall are fully started! You can simply check this behavior by an ping command through ADB before android are fully started up. (Here is the article.)

Hm, yes but that also means if there are more people watching this projects there will be a faster fix for xyz problem or errors/security problems can be faster detect due to the mass of people.

 

Sure, but we talking about it because the OS itself is open source, only some vendors making own closed source drivers (e.g. mali) for there devices, which nobody can see. The problem is without a proper source/documentation nobody is fully able to understand how it works or should I better say ... how things can be fixed without it and it ends up with memory leaks, crashes or similar. They saying they want to release the source but in fact, they don't do it or if they do it's to late or already outdated. And that is because they do not want to embarrass (if they are problems, and we all know software is never perfect), money reasons (copyright) and other companies can't steal it (or re-write it).

I think this is wrong. Because Google Play updated there market with a strong and daily updated "Bouncer filter" (look at the second link) and they have huge limitations in the rules itself. For example, they removed AdAway from the market and some other "good" apps because google have very strong Developer Distribution Agreement (TOS). Also take a look into the Google Play Developer Program Policies. There is nothing much differ than in the Apple Store.

 

It's a bit off-topic, but it seems we talking about security general so it should be okay to talk about it.

Sorry, i disagree in the whole Linux firewall story.
It's not an Android OS problem, it's a Linux Kernel problem. So well, it affect Android yes, but there are very good reasons for it.

Let me handle it:
Iptables requires elevated privileges to handle the write/copy/save operate executed by the current user.

Now, we look deeper:
Iptables/netfilter are bundled and installed by default on e.g. Ubuntu distributions. By default it allows all traffic, since 8.0x it comes with ufw/gufw (a gui/interface program that managing iptables).

So why I'm telling this?
Because, Android and Ubuntu iptables works equally in this case, that means it would be a security problem if
a) all doors open by default
b) we gonna make them access without root, because every user (Android Api Level 16 and up) have the ability multi-login with different users. This means everyone can manipulate, read/write/copy/save iptables, and without any proper gui you never notice it if the firewall is enabled (sudo ufw enable) or disabled (sudo ufw disable), you will only notice if it's already to late!


And now?
Well, if we gonna make a gui for that like gufw, most newbies would never able to setup it the right way. And if that software become an "per-app" control for each port or ip, I'm sure most users will disable it (like uac on windows) because of annoying popups. Don't tell me other thinks now, most users disable it i know it, because there is no white listening function available (but UAC Pass is a very good solution for this). But, the users, they know nothing about it and it's easier to disable it!


So, yes. It's a good think that the stock kernel does not support iptables/netfilters or comes with a gui, it' to complicated to understand (like windows firewall) most users does not know which settings they should use, and a Firewall that's not good configured is almost useless.