uRi
evacideEFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones.
Vysogota
Klaus Frank@evacide sadly no row with just windows defender for comparison though.
2something
Sin Vega
Darryl RammJFC Google get your shit together.
Ray McCarthy@evacide
Google worst at 53% yet they insist that registration & signing of ALL Android Developers and no unsigned app install is for safety. Also that their Playstore is safe?
Google is about control & spying, not safety. I'm amazed how well McAfee did.
Google worst at 53% yet they insist that registration & signing of ALL Android Developers and no unsigned app install is for safety. Also that their Playstore is safe?
Google is about control & spying, not safety. I'm amazed how well McAfee did.
Hoolyevacide (@[email protected])
@tehstu As I point out in the blog post that I linked to, this is because several of the stalkerware apps include instructions to disable Google Play Protect as part of the installation process.
impossibleibex 🇺🇦@evacide malwarebytes requires Google Play Services
Spirit@evacide what's the vector for this kind of malware? Is all of it side loaded or is some coming from the Play Store?
Olivier@evacide nice work! Very interesting and thorough article. In the prevention appendix, it mentions "running a trusted security solution." Was it evaluated how effective these apps were at blocking installation or not being workedaround? My gut feeling would be that a strong pin/pw/bio would be the most effective method to mitigate that vector. Thanks!
@evacide I have one more question if you don't mind. Do security focused custom Android like GrapheneOS offer additional protection against stalkerware compared to stock from Samsung, Google, and others?
fuzzyfuzzyfungus@dacmot @evacide The relatively low noise level of the sort of graphene setups that people who install graphene would typically use would probably help a forensic analyst tell that something isn't right, just because the stalkerware needs to phone home sooner or later; but Graphene definitely assumes that you are the admin of your phone and mostly concerned about feds that might cellebrite you; but are supposed to keep it within 8th amendment rules. Almost the opposite threat model.
@dacmot @evacide One can create non-owner profiles for daily usage and then disable installation of apps in that profile. This reliably stops attackers with brief access to an unlocked profile without additional exploits.
This mixes well with the relatively recent addition of two-factor fingerprint screen unlocking, where the main password can be a long, high-entropy password, but still having a shorter, more convenient PIN plus fingerprint.
As well as the earlier feature of being able to install apps from the owner profile inside other profiles (need to briefly enable app installation for that profile, then disable it again afterwards).
Sterling@evacide Im not going to lie malwarebytes free version saved my ass so many times when I worked for a Windows server hosting company.
John Breen@evacide Google SaaS - Stalkerware as a Service
I am not surprised that Malwarebytes did well.
Worik@evacide
I don't know if this is simply my poor opinion of AV companies or what, but the results of some of these companies are surprisingly good.
I don't know if this is simply my poor opinion of AV companies or what, but the results of some of these companies are surprisingly good.