Do any of us really need antivirus software on our Android phones and tablets?
In a past life I worked basic tech support at both Best Buy's Geek Squad and Staples' Easy Tech programs. I have heard every possible explanation for why a computer might have been infected with something, and happily collected a paycheck while fixing the same things over and over again. Most of the time, when someone asked me what antivirus software I used I would be perfectly honest with them and explain that I didn't use any third-party software antivirus software on my Windows machine. I'd explain that I was very aware of where I was browsing and what I was clicking, and keeping my system up to date handled the rest. I didn't recommend this experience to most, because computer viruses wouldn't exist if their success rates were zero and there are absolutely people who need those tools, but it's a strategy that has kept me safe so far.
Much like computers, you can't go too far on the Internet without stumbling across an article trying to scare you into believing your Android device is under constant threat from the countless nasty things on the Internet today. Where things differ for the average user is just how far out of your way most folks have to go in order to be in any real danger on an Android device. But you wouldn't know it by the sheer number of security and antivirus apps available to mobile devices today.
We get asked all the time whether our mobile devices need antivirus software, and while the answer isn't as clear cut as we'd like it's time to explain things as clearly as possible.
One quick note: Chances are we'll use "virus" and "malware" interchangeably at some point in this series. They're not actually the same thing. But to end users the result is the same: Bad things happening to your devices.
While those of us who see these security stories every day know there's usually no real threat to the general population, news about a potential risk factor on a device that accesses your bank account is difficult to ignore. And you shouldn't just tune them out — there absolutely are dangers out there. Mobile devices are obvious targets for folks looking to steal your data and do you digital harm — mostly due to our inability to put these devices down, and the sheer rate at which their use is growing. And Android as a platform refers to far too many devices running any number of versions of the operating system (to say nothing of the customizations made by the manufacturers) for there to be such a thing as 100% secure rate across the spectrum.
Google does a good job at protecting you at the device level, as well as in the cloud.
Fortunately, there's already software in most of our devices that keeps us safe from those dangers.
Google includes scanning software in the versions of Android that it controls, as a part of Play Services. On top of this local, on-device scan, the Google Play Store is continuously monitored in case malicious software is introduced under the disguise of an app you would actually want to install. This covers a significant chunk of Android users out there, but not everyone. No one says it better than Adrian Ludwig, lead engineer for Android security at Google:
"Google's security services for Android are designed to provide the best security for mobile devices -- by default and free for all Android users. As a result, data about the Android ecosystem has shown that Android users face very low risk from potentially harmful applications and other threats. Users can, of course, use any solution they would like, either in addition to or as a replacement for the Google solution, but our goal is to make that purely a matter of choice, not a matter of protection. "
Built into every version of Android is the ability to install apps from third-party sources. That's a good thing. And if you want to, say, install the Amazon App store, which doesn't live in the Google Play Store, this is what you'll have to do. But by default, the vast majority of phones have that "Unknown sources" switch turned off by default, locking things down to the Google Play Store.
And then there are those crazy folks who deliberately exploit the software on their devices in order to add system-level features that weren't included to begin with. (This is more commonly known as rooting your device.) It's also important to remember that there are a handful of Android devices out there that don't use Google Play Services and can't access the Google Play Store. These are all cases where some kind of third-party security absolutely would be helpful, since these are also the examples used when you read one of those articles telling everyone how insecure Android is.
The reputable antivirus software companies out there are fully aware that there's no need for an active scanning tool on most phones and tablets, and that's why you see so many other features in these apps now. When we asked Kevin Haley, Symantec's Director of Symantec Security Response, it was made clear that viruses aren't a primary focus on mobile devices.
Even security companies know the risk is low — that's why apps are packaged with other selling points.
"Symantec sees an important role to play in helping to protect data and mobile devices from being exposed to risk," Haley said. "While Symantec sees its purpose in the mobile landscape as providing security against malware, fraud and scams; we also protect devices against loss and theft — loss of the device itself, as well as the information on it. In addition, Symantec helps businesses protect and manage their data being stored or transmitted through the mobile devices of their employees."
For the many, these other security features are also redundant. Things like anti-theft measures, identity protection, call blocking, and data backups are services that already exist for Google Play Services users, but these features are neatly bundled in one place when offered by third parties and are often very easy to use. Since ease of use is often what gets people into trouble in the first place, it makes sense that these apps would focus simplicity. When asking Jude McColgan, President of Mobile at Avast, he explained that protecting users from themselves is a big part of the job.
"At Avast, we're constantly keeping an eye on the latest mobile threats and provide a safety net with our iOS and Android apps, protecting more than 55 million people worldwide from privacy intrusion and hackers, malicious programs, device theft and data loss. People's biggest concerns are privacy and identity loss, but still, the majority of Americans frequently put themselves at risk, e.g. by using public Wi-Fi without protection. Avast addresses these issues with its mobile apps. Avast SecureLine VPN for iOS and Android provides a secure connection while browsing the Internet via public Wi-Fi. Moreover, the Avast Mobile Security offering prevents hacker attacks, device theft and data loss. After all, mobile security is like an insurance. You just need it to be protected in case of an attack—to manage your risk. With Avast Mobile Security, people can do so for free."
So do I need an Android antivirus/malware app or not?
The bottom line is there's absolutely nothing wrong with these companies offering alternatives to existing services, especially if it gets people actively thinking about keeping themselves secure. It's just that in terms of malware protection you're probably already protected by Google — or just by common sense. Don't click on suspect links in unsolicited emails or text messages. Don't install an app that mysteriously downloaded itself to your phone or tablet. Only use reputable app stores like Google Play or the Amazon Appstore.
So do you need extra protection against viruses and malware? Probably not. Will it hurt anything if you choose to use an app? It'll take up space on your phone, perhaps. Maybe even rob your device of some performance. (And do know that there are a number of disreputable developers out there who sell nothing more than a placebo effect.)
We say: Try if you want. But your money's better spent elsewhere.