A company called AV comparatives issued a report (via Engadget) after testing 250 anti-malware apps for Android phones. The company found that 68% of these apps were practically useless. 80 of the apps were able to detect at least 30% of malicious apps from last year without registering any false alarms. The testing revealed that the legit anti-virus apps that caught most of the malware came from developers you might know such as (in alphabetical order) AVG, Kaspersky, McAfee and Symantec.
32 of the apps have already been pulled from the Google App Store during the two months since the testing was completed. AV comparatives says that most of the 32 were "developed either by amateur programmers or by software manufacturers that are not focused on the security business." Some of these developers just wanted to have a security app in their app portfolio, according to AV. The latter suggested that Android users avoid security apps that don't have a website address and only show an email address (usually from Gmail or Yahoo mail) in the Google Play Store because that usually signals an app made by amateurs.
AV tested the anti-virus apps in January using Samsung Galaxy S9 handsets running Android 8.0 Oreo. Anti-virus apps that didn't run on Oreo were tested on Nexus 5 units running Android 6.0.1. The testing was conducted over Wi-Fi and the goal of these apps was to detect 2,000 malicious APKs versus 100 clean APKs. According to AV, "detection rates of between 90% and 100% should be easily achieved by genuine and effective anti-malware apps." Ironically, the legit anti-virus apps flagged some of the bogus ones.
If your smartphone is important to you, stick with anti-virus apps from developers you've heard of. And you should make it a rule not to install apps from unknown developers, or those apps that have a number of questionable comments posted on the Play Store.