Android 4.2 only detects 20% of malware apps
One of the new additions to Android 4.2 was a new scanner designed to check sideloaded apps for potential malware threats. This was seen as a great addition, but the feature has been tested and has not fared well, only detecting about 20% of malicious apps. Of course, as we know by now, only about .5% of all malware is found in the Google Play Store, so Google's Bouncer software has been doing its job. But, that still leaves 95.5% of malware coming from sideloaded apps, which is a concern, especially in places like China where the Play Store isn't always available.
Testing was done by Xuxian Jiang, a professor of computer science at North Carolina State University, who tested 1,260 samples of malicious apps on a Nexus 10 running Android 4.2, and found that the built-in scanner detected only 193, a detection rate of just 15.32%. Jiang then tested Google's malware detection compared to antivirus apps from Avast, Symantec, and Kaspersky, and found the detection rates of the antivirus apps ranged from 51% to 100%, compared with 20% for Google.
There were two reasons that Jiang cites for Google's failure to detect malware that is sideloaded. First, the service uses cryptographic hash signatures to identify apps known to be malicious, but these hash signatures can easily be manipulated and bypassed. Second, the scanner is hosted in the cloud, and doesn't have a client-side option, so if you aren't connected to the web, it can't detect malware at all.
As we said, this isn't much of a concern if you get all of your apps from the Play Store, but if not, you should still be careful about where you get your apps.