

Why people don't use anti-virus app on android? - HarryPPotter

I have not seen many people using anti-virus app on cellphone though everyone has that on laptops or desktops. Since cellphone might leak more personal information, why don&#x27;t everybody care of that?
======
KhalPanda
Because most people are less susceptible to viruses on their phones. The phone
environment is typically a lot more "locked down" than a desktop OS.

Not to say that it's not a risk, but it's one most people are happy to take
(and largely get away with).

------
on_and_off
Play Services comes bundled with Android terminals (at least, as long as they
come with the Play Store) and among other things, it monitors apps for bad
behavior and check the apps you want to install. Mobile OSes come with a very
lock down model, so it is harder for an app to monitor other ones (except for
Play Services with its specific privileges), so it is probably way harder to
create an AntiVirus app that actually does something useful. As long as you
don't install random apks (auto downloaded on shady websites or pirated apps),
the chances of encountering an harmful app are very slim.

------
jordsmi
While there are plenty of android botnets out there, I'd say it is harder to
get infected.

On windows you can get hit by many different attack verticals, where on
android it is mainly from installing bad apps. As long as you aren't
installing bunk apk's you are relatively safe.

------
debacle
There's nothing to steal on my phone that isn't already accessible on someone
else's server, and it's unlikely that any software that I could download from
the Play store can interact with Android with the kind of permissions that a
real antivirus would need.

------
Someone1234
Android and PCs are an apples and oranges comparison.

On PC code can execute and do arbitrary things (Window 8 "apps" excluded). The
only security protections on PCs is either ring 0 or not ring 0. It doesn't
matter if you're Windows, Linux, or OS X the very nature of x86/x86-64 is
either "root or not root." Virtualisation might change that equation one day,
but containers still aren't commonplace day to day.

So on PC application run away is a legitimate threat. You trust Adobe Reader,
but if a website tricks Adobe Reader into executing an attacker's code then
Adobe Reader can do anything it has access to on that PC (which is everything
in user-mode, which is a lot). So you use AV as a stop gap to try and catch
some of these (although its effectiveness is questionable, things like Click-
To-Play on browser plugins, automatic updates, NoScript/Request Policy, and
EMET are more reliable).

Android also has ring 0/not-ring 0, but unlike PC very little runs in ring 0
anyway, and every user-mode application also has additional security
restrictions placed on it. So for example downloading and executing code,
while possible, it is far harder to escape even the application's own context
(since most of it is JavaScript in a WebKit component, not bytecode). So most
code exploits don't execute "arbitrary" code, they execute very restrictive
code.

Plus then you have OS enforced app restrictions (manifest permissions). If an
app gets hijacked by a bad guy, if the bad guy wants more access than the
original author then they need to request it and that is user visible (might
set off alarm bells). Even if they just keep the old permissions that may
restrict what they can do.

Lastly the way Android is designed in general means certain common issues are
mitigated, for example:

\- Cryto-Blackmail (encrypt your stuff then blackmail you into paying or it
will be deleted), most apps cannot access other app's content, most content is
backed up automatically, and if they can access other app's content they may
not get enough access to overwrite it.

\- Sending spam or DDoS botnet: Android kills background processes. Android
throttles processes using up too many resources.

\- Stealing passwords: It is very hard for one app to "spy" on another app
(rooted phones not withstanding). So if you enter your password on Chrome, you
can reasonably be assured that the Space Invaders app didn't "see" it (unlike
PC, where one user mode process can trivially spy on another).

~~~
v_ignatyev
On Android you can make the app, which will run in background and read your
SMS messages and send messages, it can know and share your location, and
proven that this app can be delivered into Google Play as some harmless game.

So it's up to you, if you want someone to see you.

