Help me make android more secure/explain why it already is
April 3, 2018 4:13 PM   Subscribe

What in your opinion (if anything) is the best anti-virus/malware solution for Android at the moment? Personally, I'm not using anything apart from the "don't click on weird links, don't install things from shady sources" rule. I feel fine about this, however it's stressing a family member out who doesn't get why I wouldn't use an anti-virus. If (like me) you think the existing options aren't much use, how would you explain to someone fearful of viruses/malware (and not super tech-knowledgeable) that Android is a relatively safe platform?
posted by threecheesetrees to Computers & Internet (4 answers total) 4 users marked this as a favorite
The antivirus & anti-malware apps are shady on their own due to Android's permission model, at best they do nothing, at worst they are scareware/malware/adware on their own.

Don't install from non-google stores, don't install shady apps, etc. Check reviews.
posted by TheAdamist at 4:35 PM on April 3, 2018 [5 favorites]

Apps on Android are all mostly isolated from one another so there's very little an anti-virus app could do on Android to improve things. How would an anti-virus app stop another app from doing something bad if all the apps are isolated from each other in the first place?
posted by GuyZero at 4:37 PM on April 3, 2018 [4 favorites]

I think Android security updates are a lot more important, but that opens a whole can of worms, because they probably don't have them. I'm not sure I'd actually agree that most Android devices in the wild are relatively safe. High end phones from the last two years are relatively safe. Everything else is pretty questionable. I would agree that antivirus on Android is useless.

I suppose that the answer to your question is that I would teach them safe app install habits like @TheAdamist suggested, tell them about Google's efforts to keep the Play Store clean, and show them where they can view the most recent security update their device has.
posted by cnc at 10:30 PM on April 3, 2018

If (like me) you think the existing options aren't much use, how would you explain to someone fearful of viruses/malware (and not super tech-knowledgeable) that Android is a relatively safe platform?

The way I do it is by taking the focus off Android, where it doesn't belong, and putting it back where it does. My standard spiel goes something like this:

"Viruses and worms and malware are almost exclusively a problem for Microsoft Windows users. 99% of malware is only compatible with Windows, and the 1% that isn't is part of the 20% that gets past antivirus software in any case.

Also it's 2018 now, and in 2018, 99% of malware is delivered as advertising. Even on a Windows box, you get better protection just by installing a competent ad blocker like uBlock Origin into your web browser than you do by installing antivirus packages beyond the ones that come baked into Windows."

If their eyes haven't already glazed over by then, I'll give them a bit of a rant on the way antivirus software has to work in 2018, in order to catch malware hardened and honed by 30 years of widescale antivirus deployment: the antivirus suite actually needs to run suspected malware inside a special "sandbox" environment to find out what it's trying to do, and most of what the new malware is doing now is finding ways to jump out of those sandboxes, which it wouldn't be able to do if it never got run in the first place, which it wouldn't be except that people keep insisting on installing antivirus software.

And I'll shamelessly make the analogy between antivirus software as a gun left lying around on the kitchen table and an ad blocker as deadlocked security doors, and ask which of those options makes their house feel safer to sleep in?

Yes, quite a lot of this is indeed bullshit, and all of the numbers have been pulled straight out of my arse. But as a semi-retired PC fixit guy, I have spent the last couple of decades being literally paid to observe that most people simply do not care at all about the ins and outs of technology and are not going to make the effort required to understand IT threats well enough to be able to counter them in any reasonable fashion. For most people, security is not an attitude you learn, it's a product you can buy; which means that what they actually want is not to be secure but to feel secure.

I am fully aware of how patronizing and how technological-high-priest that last paragraph reads. But it's completely true all the same.

What's also completely true is that I have spent a lot less time cleaning shitware out of Windows boxes protected solely by ad blockers than from machines "protected" solely by anti-malware suites.
posted by flabdablet at 10:53 PM on April 3, 2018 [8 favorites]

« Older can someone verify this story?   |   Entering Canada on a recently expired PR card Newer »
This thread is closed to new comments.