Android Threat Level?

[OffWorld]

There have been some recent news articles about threats to Android devices from malware/viruses/trojans - some of which found their way into the official Market. There is also a warning about infected apps in Chinese app stores and you never know where those might end up. My tablet is from China and came with a bunch of preinstalled apps as does the unofficial firmware I'm running now and there's no way for me to know where those apps originally came from. I've also side-loaded a number of apps I've downloaded from various places, some of which have been hacked to run on my hardware but you never know if some malware came along for the ride or if the hack left a security hole. I've also been connected to a number of public, unsecured networks with my tablet.

Suffice it to say I thought it was time to install a decent anti-virus on my tablet and scan it. I went with AVG Antivirus free version downloaded from the official Market.

This is clearly intended for locked-down devices, not those of us who hack and develop with our devices. My tablet is rooted, I have the Superuser app installed, and connect via ADB so often I leave USB Debugging turned on all the time. AVG sees ALL of these as threats!

It will see Superuser.apk as an "infected" app and prompts you to uninstall it! Thankfully it isn't, it is likely flagged because it can elevate the privileges other apps.

Being rooted also means that my tablet is generally running with elevated privileges, so that gets flagged as a security risk too under Settings. I'm not really sure why "USB Debugging" also gets flagged there, maybe because it can provide a way to unlock the phone without knowing the unlock pattern?

Once I told it to "Ignore" those three things it rescanned and didn't find anything else, which frankly surprises me but I'll take the good news.

 

[gurgle]

Good to know, I chose Webroot's product about 3 months ago for the same reason. What it does not like is any Side-load app or USB Debug mode enabled. It also inspects shares. I participated in their Beta program and converted for free to the commericial product.
What I have done is compared performance on my Archos 101 with and without AV protection. There is not so much a performance hit as there is a memory loss in the available memory of the OS. I will get the low memory warning icon, if I load too much earlier than without the AV. Otherwise it is good.

I too have had false positives, but they were (PUPS) Potentially Unwanted Programs. These are security apps that inspect the kernel and similar for forensic testing.

 

[Spider]

Once I told it to "Ignore" those three things it rescanned and didn't find anything else, which frankly surprises me but I'll take the good news.

Thank's for posting this information. It's a good thing you're knowledgeable enough to know those are false positives and can ignore them. That sort of thing would scare a new person, but then a new person probably wouldn't be running SU.

 

[hunted]

We should all beaware that if it is a program or anything that needs a program to work there is always someone out there that wants to get in and look. some of those lookers like to be destructive. They are destructive cause they get kiks out of it. So it is up to the individual to decide how much protection you need to have if any. Also remember that free can sometimes come with a price! ;={