How OAuth 2 trumps Basic authentication

I have some great news for users of Sophos Mobile Security, our Android antivirus and security app. Independent IT security institute AV-Test has awarded Sophos another perfect protection score in a of mobile antivirus applications – the sixth test in a row where we scored 100% detection.

Although we’ve aced this Android security test every time for the past year, this particular test was actually quite different from the previous tests run by AV-Test. And we think the difference is really important.

Prior to the July test, AV-Test used a two-run scan: first an on-demand scan, followed by an on-access scan test. The on-demand test is a bulk scan to see if a security tool detects the entire set of malware files used in the test. The on-access scan involves loading a set of malicious apps on a physical mobile device to see if the antivirus detects the malware when it is installed or run.

Sophos’s Android antivirus stood up very well in the new test – we were one of only 5 out of 26 vendors with perfect malware detection. Sophos is proud to be among this select group.

Android malware – the threat is real and growing

You may have heard some people arguing that the threat of Android malware is overhyped. For instance, Android’s chief security engineer has claimed that Android users .

Although the risk of Android is considerably smaller than that for Windows, we disagree with those critics (Google included). The Android threat is real – and even in Google Play, where from time to time, despite Google’s generally good track record of keeping the Android marketplace clean.

Outside of Google Play, where untrusted developers are given a free pass by unscrupulous app markets, it’s a different story. In just the first six months of 2015, has discovered 610,389 new Android malware samples, bringing the total to approximately 1.9 million.

It’s not just malware we need to be concerned about – we’ve seen another 1 million apps that, while not malware in the strictest definition, nevertheless exhibit sketchy behaviors. These apps, which we call potentially unwanted apps (PUA), may also threaten user privacy and security. Many PUAs contain adware, collect user data unnecessarily, or deceive users with phony malware pop-ups and other .

(You can see in the chart above the rapid growth of cumulative samples of Android malware and PUA detected by SophosLabs, January 2013 – June 2015.)

It’s also available as an enterprise version you can manage through , our enterprise mobility management and security product.