Hi,
First off, let me say, this is not a question about whether you should install an AV app on your device, or which AV app is best.
My question is this: does any one know, or can anyone speculate on how these AV apps actually work? It's quite likely that these apps rely on virus signatures for flagging a file as malware or not. This would be because you wouldn't need as many signatures for an Android device as compared to say a Windows desktop. Also scanning with sigs (when you only have a few hundred signatures) is quite a bit faster than say heuristics or behavioural detection.
The problem is this: when you run an Android app, it is run under it's own user, in it's own process. This user typically only has access to their own files (i.e. the contents of /data/data/your.apps.data/), and public files (i.e. things that every app can see, like the stuff on the sdcard).
So how can an AV app claim to offer any sort of reasonable protection if it can't see all the files owned by all the other apps on your device? It seems that without scanning the private files owned by other apps, there are a lot of places for malware to hide.
It's not like these apps require your device to be rooted, and even if they did, I'm not aware of a way to make an app run as root?
Thoughts? Ideas?
Thanks in advance for your input.
First off, let me say, this is not a question about whether you should install an AV app on your device, or which AV app is best.
My question is this: does any one know, or can anyone speculate on how these AV apps actually work? It's quite likely that these apps rely on virus signatures for flagging a file as malware or not. This would be because you wouldn't need as many signatures for an Android device as compared to say a Windows desktop. Also scanning with sigs (when you only have a few hundred signatures) is quite a bit faster than say heuristics or behavioural detection.
The problem is this: when you run an Android app, it is run under it's own user, in it's own process. This user typically only has access to their own files (i.e. the contents of /data/data/your.apps.data/), and public files (i.e. things that every app can see, like the stuff on the sdcard).
So how can an AV app claim to offer any sort of reasonable protection if it can't see all the files owned by all the other apps on your device? It seems that without scanning the private files owned by other apps, there are a lot of places for malware to hide.
It's not like these apps require your device to be rooted, and even if they did, I'm not aware of a way to make an app run as root?
Thoughts? Ideas?
Thanks in advance for your input.