Critical Vulnerabilities Found in Android Antivirus Apps

Researchers at Comparitech have found critical vulnerabilities in Android antivirus apps. They tested 21 different applications; in total, 47% of the antivirus vendors failed these tests.

According to the Comparitech blog post, “We found serious security flaws in three of the apps we tested, and found seven apps that couldn’t detect a test virus.”

The 21 Android antivirus apps tested:

  • AEGISLAB Antivirus Free
  • Malwarebytes Security: Virus Cleaner, Anti-Malware
  • AVL Pro Antivirus & Security
  • APUS Security – Clean Virus, Antivirus, Booster
  • Brainiacs Antivirus System
  • BullGuard Mobile Security and Antivirus
  • Phone Cleaner
  • Comodo Free Antivirus, VPN and Mobile Security
  • Emsisoft Mobile Security
  • ESET Mobile Security & Antivirus
  • Dr.Capsule – Antivirus, Cleaner, Booster
  • Fotoable Antivirus & Cleaner
  • NQ Mobile Security & Antivirus Free
  • Zemana Antivirus & Security
  • MalwareFox Anti-Malware
  • Antivirus Mobile – Cleaner, Phone Virus Scanner
  • dfndr security: antivirus, anti-hacking & cleaner
  • Privacy Lab Antivirus & Mobile Security
  • Webroot Business Security
  • VIPRE Mobile Security
  • V3 Mobile Security

VIPRE Mobile, AEGISLAB, and BullGuard all had flaws that could put user privacy and security at risk.

The VIPRE application had a critical IDOR (insecure direct object reference) flaw that exposed contacts from users’ address books. Through the online dashboard, it was possible for attackers to access the address books of VIPRE Mobile users who had cloud sync enabled. VIPRE had a second critical flaw that could allow an attacker to send fake antivirus alerts.
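To make the IDOR class of bug concrete, here is an added illustration that is not VIPRE’s code and is not taken from the Comparitech write-up: a hypothetical cloud-sync contacts endpoint in its vulnerable form (the handler trusts the user id supplied in the request) next to its hardened form (the object reference is checked against the authenticated session), plus a small audit over constructed access-log lines that flags successful cross-user reads, which is the signal a defender would look for. All data, log format and function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample data (not from any real product): address books stored
# server-side for two users of a hypothetical cloud-sync dashboard.
CONTACTS = {
    101: ["Alice <alice@example.com>", "Bob <bob@example.com>"],
    102: ["Carol <carol@example.com>"],
}


class Forbidden(Exception):
    """Raised when a caller requests an object it does not own."""


def get_contacts_vulnerable(session_user_id: int, requested_user_id: int) -> list[str]:
    """IDOR pattern: the handler returns whatever address book the client
    names in the request and never checks that it belongs to the session."""
    return CONTACTS.get(requested_user_id, [])


def get_contacts_fixed(session_user_id: int, requested_user_id: int) -> list[str]:
    """Hardened handler: the object reference is validated against the
    server-side session identity before any data is returned."""
    if requested_user_id != session_user_id:
        raise Forbidden(
            f"user {session_user_id} may not read contacts of user {requested_user_id}"
        )
    return CONTACTS.get(session_user_id, [])


# Detection side. The log format below is an assumption for the example:
# each line records the session user, the owner of the requested object
# and the HTTP status the server answered with.
LOG_LINE = re.compile(r"session_user=(\d+) requested_user=(\d+) status=(\d+)")


@dataclass(frozen=True)
class CrossUserRead:
    session_user: int
    requested_user: int


def audit_contact_reads(log_lines: list[str]) -> list[CrossUserRead]:
    """Flag successful (2xx) reads where the session user and the requested
    owner differ; on a correctly authorised endpoint these must never occur."""
    findings = []
    for line in log_lines:
        match = LOG_LINE.search(line)
        if not match:
            continue
        session_user, requested_user, status = (int(g) for g in match.groups())
        if session_user != requested_user and 200 <= status < 300:
            findings.append(CrossUserRead(session_user, requested_user))
    return findings


# Constructed access-log lines exercising the audit.
SAMPLE_LOG = [
    "GET /api/contacts session_user=101 requested_user=101 status=200",
    "GET /api/contacts session_user=101 requested_user=102 status=200",  # cross-user read succeeded
    "GET /api/contacts session_user=102 requested_user=101 status=403",  # correctly denied
]

if __name__ == "__main__":
    # The vulnerable handler hands user 101 the contacts of user 102.
    print(get_contacts_vulnerable(101, 102))
    # The fixed handler only ever returns the caller's own address book.
    print(get_contacts_fixed(101, 101))
    # The audit surfaces the one cross-user read that succeeded.
    print(audit_contact_reads(SAMPLE_LOG))
```

The fix is deliberately boring: authorisation is decided from the server-side session, never from an identifier the client controls. The audit function shows the complementary control, reviewing access logs for successful reads whose object owner differs from the session user, which catches an IDOR in a deployed endpoint even before its code is reviewed.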

The BullGuard application had two vulnerabilities: an XSS flaw, and another that allowed an attacker to remotely disable the app. The AEGISLAB application had an XSS vulnerability.

Comparitech researchers have also shared PoCs for these vulnerabilities in their blog post. Comparitech confirmed that all three apps, VIPRE, BullGuard, and AEGISLAB, have fixed the vulnerabilities. Privacy Lab Antivirus & Mobile Security, however, is no longer on the Play Store, since it failed to detect the test virus file.

The following Android antivirus applications couldn’t detect a dangerous test virus:

  • AEGISLAB Antivirus Free
  • Antiy AVL Pro Antivirus & Security
  • Brainiacs Antivirus System
  • Fotoable Super Cleaner
  • MalwareFox Anti-Malware
  • NQ Mobile Security & Antivirus Free
  • Tap Technology Antivirus Mobile
  • Zemana Antivirus & Security