The best Android Anti-Virus App – Is there such a thing?

Android Police reported last month that Virus Shield became the #1 New Paid and #3 Overall App, but an analysis of its code “confirmed that this app is totally and completely devoid of any security benefit” and was removed from the Google Play Store.  Next, The Guardian reported 50 million Android phones may be exposed to Heartbleed.  A major security breach and a fraudulent anti-virus app collide, and developers and users are left uncomfortable and vulnerable.
What is the best Android anti-virus app?  Does one exist?  How do developers make responsible choices to safeguard themselves and users, but continue to create excellent Android apps?  Even Symantec VP Brian Dye says “that antivirus like Norton catches only 45 percent of cyberattacks today” in a conversation with the Wall Street Journal.  A complex, dynamic picture of Android security is unfolding, and a new direction for anti-virus is on the horizon.
Kaspersky Antivirus Test by TestFairy
The Verge reports an anti-virus app is “often completely unnecessary.”  And, perhaps, they are.  Currently, as Dark Reading explains, an anti-virus app flags problems but cannot remove them.  Without tools to eliminate malware and infections, an anti-virus app is just a virus detection app.
Android anti-virus apps are regularly tested by groups like AV-Test to evaluate their efficacy and chart improvements in functionality.  An analysis of AV-Test results by Security Watch reveals a mixed bag.  Improvements in some areas like preserving battery life indicate progress, but an increase in the number of safe applications flagged as malicious is alarming.  AV-Test CEO Andreas Marx suggests the most important feature for an anti-virus app would be an “on-installation check.”  This tool would prevent users from downloading infected apps to their Android phones.
Kaspersky Antivirus Test by TestFairy
Shouldn’t Google have a better system to prevent do-nothing, bug-infested apps from showing up in the Google Play Store?  Android Police reveals Virus Shield was available on the Google Play store despite the absence of a developer website and an email previously flagged for inappropriate behavior.  It achieved a 4.7 rating, yet, as CSOOnline.com notes, “A raft of allegedly fake reviews and high ratings helped propel Virus Shield to the top of the Play Store.”  Clearly, Deviant Solutions, the developer behind Virus Shield, engages in deviant behavior.  Google’s only tool is the app kill switch, as the Android ecosystem faces the growing threat of mobile hacking.
A team of researchers at Syracuse University, led by Dr. Kevin Du, identifies and examines mobile hacking threats, ranging from scanning an infected bar code to downloading infected apps.  Apps that are particularly vulnerable to hacking are coded with HTML5.  He sees a growing attraction to HTML5, as it works across different platforms.  He says, “By 2016, it’s estimated that more than fifty percent of the mobile apps will be produced using HTML-5 technology. This is just a disaster waiting to happen.”  The video of Dr. Du and his researchers produced by Syracuse University News Services shows how they easily hack a phone and follow a user’s mobile footprint.
Kaspersky Antivirus Test by TestFairy
Existing anti-virus apps do not currently provide users with all of the tools they need.  If an anti-virus app can’t remove a bug, then it’s not truly effective.  Android app developers who help users organize and manage sensitive data must be diligent with security and permissions.  And, as mobile hacking increases, fully functional apps may be the best resources to protect users’ mobile privacy and security.  There is a need for honest, ethical Android developers to innovate and meet this challenge.
“The mobile space is still new territory for both attackers and defenders. Things can change quickly,” says Security Watch.  Hopefully, the hackers are not a few steps ahead.  We tested one of the best performing anti-virus apps according to AV-Test.  We have tested the Kaspersky in our lab, checkout our detailed test report.
We are impressed by the Kaspersky Anti-Virus Android App and think Android users should check it out.  The free version scans and analyzes your Android device’s OS simply and quickly, while the premium version adds buffers to block intrusions.  In our test, 26,820 files were scanned in less than three minutes.  The progress of the scan appears in a shield that gradually changes color.  At the end of the scan, a list with the number of files scanned, threats detected, neutralized, quarantined, and disinfected is available.  Fortunately, we did not have any threats to address.  “Everything is OK” appears at the top of the screen and ensures peace of mind.  The premium version scans new apps immediately after download and quickly alerts users who have downloaded a malicious app.  The secure browser and call and text filter blocks phishing from callers, text links, and websites that exploit users’ private information.  If your device is lost or stolen, premium users may disable the device to prevent theft of data.  The tools available in the premium version address the next steps needed to enhance mobile security – prevent phishing, hacking, and malware from finding its way into your Android device’s OS, instead of waiting until infection to remove it.
Developers, do you consider mobile hacking to be a growing threat?  What resources do you need to create apps that stand up to infection?  We want to hear what you think.  Share your thoughts with us via the comments below.
TestFairy helps Android developers do painless beta testing. Learn more about TestFairy here. Follow TestFairy on TwitterGoogle+, and Facebook.

Dear Facebook, Why Do You Want to Disconnect my Wi-fi?

Did anyone notice the permissions required to install the latest Facebook Android app update? Does Facebook really need to be able to connect or disconnect wi-fi to ensure proper functioning? Is it absolutely vital for Facebook to read your text messages, so you can watch the video of your best friend’s kid blowing out birthday candles?
The answer for these questions is probably no. Facebook does not need to turn off my wifi connection for any practical reason. So why are they doing it? Because they can.
Google’s basic approach for permissions is all-or-nothing. The user can either agree to grant all permissions to an app or choose not to install it. The requirement that apps have permission to everything, or an app won’t function, means users cannot control their privacy and security. This all-or-nothing approach also gives developers access to much more information than is necessary to develop and troubleshoot apps.  Unscrupulous developers can easily take advantage of the vast permissions afforded by the Android OS.
"Dear Facebook, Why Do You Want to Connect or Disconnect my Wi-fi?"
The incorporation of App Ops in Android 4.3 was a huge step in the right direction – allowing users to control their privacy and give developers tools to limit their access to unneeded permissions. But, as the Electronic Frontier Foundation points out, App Ops was removed in the Android 4.4.2 update. EFF reports, “Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it.” Sure, developers would need to finesse some details to make their apps function with more restrictions to permissions like App Ops, but it’s exactly what iOS developers do every day.  EFF says, “[A] billion people’s data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.”
The all-or-nothing approach is just one part of the growing problem of unnecessary permissions.  This last Facebook update requires a permission to “Modify or delete the contents of your USB storage”. What? Are you for real? Why would Facebook want to delete my data?
In that case, it is probably safe to say that Facebook does not really need or want to delete your files. Gil Megidish, TestFairy’s CTO, says, “It is silly to think Facebook is interested in deleting your SD card.  One of the problems with Android permissions is they are too generic. Facebook commonly saves things to disk: caches profile images, photos and other media onto the SD card, but the permission is to read/write/delete from SD card. Is there a reason why Facebook should access other apps’ files on my SD card? Of course not, but that’s the permission level. A new option was added on API 19, allowing apps to write and delete their own local data without touching other apps’ files, and without requesting for any additional permissions. However, since less than 2% of the Android devices in the market run KitKat, it may take quite a while until this permission can be used by Android developers.”
The options to avoid the all-or-nothing challenge are limited to sophisticated Android users. Cnet reports, “CyanogenMod has implemented the exact App Ops feature that Google has just pulled.” There are, however, only “a few kinds of permissions such as contact list access and location list access” available with CyanogenMod. How-to-Geek has detailed directions for how to root your Android devices to operate App Ops within Android 4.4.2. You can also decide not to install the Android 4.4.2 update, yet some level of performance is sacrificed when updates are not installed. Normal Android users like your mom, neighbor, and uncle don’t have the skill set to make these changes. Most users just tap “YES” on the screen without understanding what they have updated and allowed. So, really, users don’t have a choice to protect their privacy and increase security. Only a small, highly skilled group of Android users can manipulate and manage their permissions – including some of the same developers who cry foul when required to allow permissions they access needlessly from their users.
All users deserve access to intuitive interface to manage and control their permissions. It’s time for Google to incorporate App Ops or a permissions feature in the OS, give users the chance to make decisions about their privacy, and offer developers tools they need to create apps with limited, necessary permissions that apply to all Android OS versions.  The inclusion and quick removal of App Opps not only fuels conversations online discussing new permissions that feel creepy and invasive, but also it ignites distrust of the Android platform and the honest developers who work so hard to enhance the Android experience.
Where is the balance between Google having information it needs, developers having access to appropriate permissions to make quality apps, and users managing their privacy and security?  We want to hear what you think.  Share your thoughts with us via the comments below or email us to blog-feedback@testfairy.com
TestFairy helps Android developers do painless beta testing. Learn more about TestFairy here. Follow TestFairy on Twitter, Google+, and Facebook.

Google Play Store Ratings Drop Update

The Google Play Store update around December 10, 2013, introduced a new feature that has created confusion for users and headaches for developers. An app was presented to rate with the question, “Want Quick Suggestions?” Android developers then noticed their hard-earned, high ratings drop off after this interface was introduced. Through Google+ discussions and online forums, developers discovered that a user who rated through the suggestion feature may have thought they were rating Google’s suggestion. Instead, the rating of the suggestion is actually calculated as an app rating.
Since we posted about this issue on January 1, 2014, we have continued to follow threads, discussions, and conversations that examine Google’s changes and the continuing negative impact on passionate Android developers. Unfortunately, a fair and accurate ratings system seems more difficult to attain. The current system seems to lead not only to confused user ratings, but also it rewards bad user behavior.
Appwared.com uncovered an unsettling trend in Turkey. They analyzed the user reviews for Where is My Water 2, Temple Run 2, Clash of Clans, Dragons of Atlantis, and Hay Day. For Where is My Water 2, they noted, “Believe it or not, 11 out of 15 reviews here are actually 5 STAR reviews!” Users rated it 1 star, but wrote a different, surprising review. They confessed that they gave a 1 star to have their review featured in the Google Play Store. Appwared.com translated several of the 1 star, attention-seeking reviews like this one by Canan Evran, “The game is an example of how a good game should be! Don’t bother that I gave 1 star, it’s because I want my comment gets seen.” A one-star review where a user’s poor intentions are stated should not be calculated or featured, and, if it has been identified in one country, is this bad behavior rewarded in other locations too?

Android developers have few options to deal with this problem. Android Police suggests the only option available to developers is to “flag these low-star, high-praise reviews as spam.” That is still a process that takes time, and, meanwhile, developers continue to watch their ratings fall.
Another dimension to the ratings issue is revealed in a discussion on Hacker News. Culturally and geographically, there are differences in how people rate performance. Raverbashing posted, “In Germany…A 1/5 would be the highest score, and 5/5 would be the worse score.” Several Norwegians posted that they would rate apps exactly the opposite with 5/5 as the best rating. If, as Android Police points out, users would “review apps honestly and consistently,” Android developers could relax.
With frustration increasing and little feedback from Google about the changes, developers are left to untangle data and examine any information to help them make sense of their diminished ratings. Is the “Want Quick Suggestions?” and featured reviews part of Google’s drive to generate more content for their sponsored endorsements? Last October, CNN.com discussed the possibility that “a person’s face could show up on any of the 2 million sites that are part of the Google ad network.” Most users are logged into their Google accounts when they are cruising around the Google Play Store. CNN.com notes, “Leave a review for an album you bought in the Google Play store and that is a usable Google+ endorsement.”

Regardless of Google’s intentions with these changes to the ratings system that seem to reward bad behavior and create confusion, there are some dedicated Android developers living in crisis mode. These developers would prefer to put their time, energy, intellect, and passion into perfecting apps for the Google Play Store.
Are you a developer who has identified 1 star reviews by users seeking 15 minutes of fame in the Google Play Store? Are you a developer who has experienced the same decline in ratings? Share your experience with us at support@testfairy.com.

Google Play Store Ratings Drop

One of the worst nightmares of any developer is to wake up in the morning and find out their app’s rating has suddenly crashed.  This is exactly what happened to many Android app developers who noticed unusual activity with their Google Play Store ratings after December 10, 2013.  Unfortunately, it wasn’t a flurry of 5 stars.  Instead, developers began to sweat it out, as they watched 1’s, 2’s, and 3’s slowly diminish their 4 – 5 ratings. After research and reaching out to Android app developers through Google+, Facebook, and online forums, a picture of what happened and the unintended, surprising results has been crafted by Android app developers.
Amir Uval – the developer behind Countdown Timer, an interval timer and alarm, started a discussion on Facebook and Google+ to reach out to other Android app developers and “discovered I’m not alone.” In his Google+ discussion, details have emerged, links to similar discussions online have been shared, and he “finally put all the puzzle pieces together and concluded what was the source.” Mr. Uval talked with us about his experience and findings. He says, “I’ve noticed a strange a flow of low ratings on Dec 10. I’ve been getting a 1 or 2 once a month before that, and I started to get more negative reviews on a daily basis.”
This graph shows the dramatic shift that prompted Amir Uval's Google+ discussion. This graph shows the dramatic shift that prompted Amir Uval’s Google+ discussion.
Around December 10, 2013, the Google Play Store added a new feature called, “Want Quick Suggestions?” An app appears on the screen, and the user is encouraged to offer a rating without the opportunity to provide a comment. The rating appears to help Google make better suggestions for Android app purchases and downloads by a user’s assessment of the suggestion. But, Uval discovered the rating of the suggestion is converted to a rating for the app. He also discovered that users who touch on the stars as their finger scrolls on the screen could leave a rating. This updated interface seems to provide more opportunities for unintentional, random ratings. This same assessment of the problem is discussed on Reddit and Android forums.
Google Play Quick Suggestion
Paolo Conte joined Uval’s Google+ discussion and shared a graph with us that is nearly identical.  Conte’s app, Trains Timetable Italy (Orario Treni), “had a rating of 5 stars (4.8) for a long time.”  Conte says, “In Italy it is the number 1 app in the transportation category, and it is also featured in the Best of 2013 section.”  And, again, he shares a similar theme to Uval’s experience, “Since Dec 10th I started noticing a lot of 1 star ratings, but with no negative comments.”
"As you can see in the chart below, which covers a time span of one year, it is clear this is just wrong." - Paolo Conte “As you can see in the chart below, which covers a time span of one year, it is clear this is just wrong.” – Paolo Conte[/caption]
Mateusz Mucha is an Android app developer based in Krakow, Poland, whose app, Percentage Calculator, has suffered a similar fate as Uval and Conte.  After December 10, he noticed an increase in 1 ratings on what had previously been a 4.7 rated app.  He said, “Over the next 3.5 weeks, Percentage Calculator received over twice as many 1-star ratings than in its whole 14-month history.”  Mucha took a look at the “Want Quick Suggestions?” app rating feature and concluded, “I’m only sure of two things: I cannot fairly rate it and Google makes me do it.”  The required participation of users who may or may not understand what they are evaluating is creating unnecessary confusion; and, with graphs like Mucha’s below, frustrated developers are losing sleep.

Mucha's Percentage Calculator "had approx. 27 1-star ratings on December 10, now it has 92."
Mucha’s Percentage Calculator “had approx. 27 1-star ratings on December 10, now it has 92.”

The game, Move: A Brain Shifting Puzzle, has experienced the same pattern.  Noam Abta, the developer, said, “It had a very steady average rating of around 4.7, until around the 10 of December, it started to drop gradually and continuously.”  Abta’s graph below is yet another example of a highly rated app in the Google Play Store experiencing a decline on December 10, 2013.  Abta added, “The frustrating part was that most of the commented reviews we got were still enthusiastic 5 star reviews.”
Abta's "Move: A Brain Shifting Puzzle" launched strongly in October 2013. Abta’s “Move: A Brain Shifting Puzzle” launched strongly in October 2013.
Combining the rating of a suggestion with the rating of a specific app’s performance creates a gauge that is more difficult to use and implement in the development process. Uval says, “They just don’t mix – suggestion box asks for relevance, and rating – for overall quality and overall satisfaction with an app.” Right now, developers are struggling to understand their diminishing ratings in light of the commingled ratings and inability to receive comments and feedback from the “Want Quick Suggestions?” interface.
Updates to the Google Play Store interface, ratings, and data affect developers, and hopefully Google will respond to their concerns quickly. Uval suggests “a little note in the developer console” to inform developers of changes. And, as many developers note in forums, the ratings should be separated.  Bogumił Sikora with Paridae, the development team behind Countries Capitals Quiz, shares his chart that shows this downward shift in ratings.
Bogumił Sikora's app Countries Capitals Quiz Android app ratings chart.
Bogumił Sikora’s Countries Capitals Quiz Android app ratings chart.

For developers who share Uval’s experience, this discussion about the ratings change also revealed an unfortunate timing issue. Many of their Google connections are enjoying a holiday vacation, as one of Uval’s Google contacts “autoreplied he is on vacation.”
Right now, unfortunately, there are few options for developers impacted by the ratings. Developers are reaching out to contacts at Google, creating an online conversation, and hoping users swipe anywhere other than the ratings interface. Uval had a bump up in positive ratings after he released an update. He said, “I guess many of my happy users had a chance to rate.”


If you are an Android developer who has experienced ratings changes as a result of the “Want Quick Suggestions?” feature around December 10, 2013 and would like to add their story, please tweet a screenshot of your chart, mention @testfairy and we will add your tweet to this post.
Follow TestFairy on Twitter, Google+ and Facebook.
Learn more about TestFairy here

Hi Vine! do you really want only 63% of the market to use your app?

Vine Android app logo
Lets start with a fact:
Vine is  awesome. If you didn’t try it yet, it is never too late, do it now.
Now for another fact: Only 63% of the Android users can actually use Vine.
Why? Because as you can see on the Vine Google Play page, this app is limited to Androids running version 4.0 and above.
 
Google’s official numbers released on August 2013 show that while huge progress was made and 63% of the Android world are already using Android 4.x, 37% of the market is still using old versions, out of which 33% are still on Gingerbread API 10. Will those users ever upgrade? I don’t think so. Even if they knew how (and they don’t), it is not that easy. What is probably going to happen is that these devices will stay there forever, and die really slow. It can take years until they go away, maybe 5 years, maybe 10, but they will probably stay there for a very long time, probably in big numbers.
 
Now why on earth wouldn’t the Vine team work on an app that can serve the Gingerbread users? Isn’t 33% of the Android market big enough for this? I’m not buying it. Android fragmentation is indeed a huge problem but a third of the market is too big to ignore.
 
The Verge reported last month that a Windows Phone 8 version of Vine is in the make. This is smart, and of course, any company that has the resources should go to every possible platform.
 
If I were Vine, I would consider Gingerbread as just another platform.  It doesn’t have to be a full app with all the newest features, it can be a limited version, light, mini, whatever you call it. But ignoring it would be a mistake. Of course, testing is a challenge – TestFairy is here for a reason – but running away from this challenge is a mistake. Face it and make a Gingerbread app. It will bring you tons of customers.
 
Jelly Bean Fragmentation