Exposé: Don’t fall victim to this dodgy anti-virus app
It seems that a certain anti-virus vendor is resorting to some very dubious tactics to scare Android users into purchasing its anti-virus app at extortionate prices. We recently wrote about how malware writers are publishing adverts which try to scare users into downloading an antivirus app. The adverts look like warning alerts and, once duped, the victim unwittingly installs malware directly onto their device. In a interesting twist, it seems that the apparently legitimate anti-virus app “Armor for Android” is trying to extort up to $550 per year from users just to use the app!
Armor for Android isn’t new, and when it was first released many well respected security companies like Sophos denounced it as a scam. At the time, Vanja Svajcer of Sophos wrote that Armor for Android’s pricing scheme was nothing less than “extortion.” At the beginning, Armor for Android wasn’t in the Play Store and its impact was limited. However, through some very dubious marketing tactics, Armor for Android has tried to make itself look respectable while taking exorbitant amounts of money from its users.
Armor for Android’s journey to respectability followed two paths. First the company managed to get the app into Google Play and sold it for a very cheap price ($0.99). The actual app itself isn’t fake, it does indeed scan files and report any threats, however it does this by using VirusTotal.com (which is owned by Google). In other words, it just farms out the malware detection to a 3rd party and reports the results. Because of its cheap price and its use of VirusTotal.com, Armor for Android has managed to gain a 4.7 star rating on Google Play from over 1,300 reviews. Users are posting comments like “amazing” and “simply the best.” Although I have no proof, such comments beg the question, has Armor for Android been paying for reviews on Google Play?
Now that the app is seen as respectable, the developers bumped up the price to $29.95. Fortunately the number of downloads is only between 5,000 – 10,000 which is small when compared to products like Avast or Kaspersky. The latter has between 1,000,000 – 5,000,000 downloads!
The second tactic that Armor for Android used was to get itself tested by av-test.org. AV Test is seen as a respectable independent security lab and their test results are often a good guide about the effectiveness of anti-malware solutions. AV Test certified Armor for Android twice and gave it a 99% detection rating. As a result, the app and the Armor for Android website carry the AV Test badge and can brag about their test results. Its protection rating, however, isn’t unexpected, since it is using VirusTotal.com to do the scanning for it. Interestingly the latest round of Android security apps tested by AV Test don’t include Armor for Android.
Armed (pun intended) with a 4.7 star rating and certification from AV Test, Armor for Android was now ready to reap in the money. The company has started using the same scareware mobile ads that the malware writers are using. The ads warn users that their devices could be infected and then start a download of the Armor for Android .apk file along with some nice instructions about how to enable the installation of apps from Unknown Sources.
Once installed, the free version of Armor for Android is a nightmare. First it tries to get itself administrator rights (which makes it harder to uninstall) and then it starts posting very annoying notifications about possible threats which have been detected, along with messages about other services that the app offers, like a memory booster. To access any of the other services and to scan the so-called threats you need to subscribe to the Armor for Android service. When the app originally appeared, Sophos reported that the app took $0.99 per week from the user. This amounted to just over $50 a year which is what Vanja Svajcer called “extortion.” However greed took firm hold of the developers and the app now charges up to $1.60 per day (depending on your currency and the exchange rates). That amounts to over $550 per year!
There was a brief moment when I thought that perhaps an unscrupulous developer had hijacked Armor for Android’s name and was just basically stealing money. I gave Armor for Android the benefit of the doubt. But that didn’t last long, because, if you go to the developer’s website as linked from within Google Play, you can find the free version of the app available for download and it is exactly the same app as the one being offered via the scareware.
The irony in this story is that if you submit the Armor for Android .apk file to VirusTotal.com it reports it as malware! Many of the major Android security apps report it as harmful or at least as a Potentially Unwanted Program (PUP).
To protect yourself from Armor for Android, don’t click on any ads which try to scare you into downloading the app. If you did download it then don’t install it. If you did install it then remove it immediately. If you subscribed to their service then cancel the subscription immediately. If you have problems cancelling, then, according to their website, “all fees and charges are 100% refundable. Please call 1-800-910-6786 (Toll Free US) or 0-800-098-853 (Call Collect outside of US), if you have questions or problems, use firstname.lastname@example.org”
If you have bought Armor for Android or have seen the scareware ads please share your experience below in the comments.