When it comes to malware, efficacy is key. It can take just one missed malicious app to inflict a lot of damage. On the other hand, false positives are also problematic, given that they can cause needless disruption of the user experience. In recent independent testing from AV-TEST, Zimperium’s mobile threat defense solution, zIPS, delivered top-tier results, with better than 99% accuracy in nearly all scenarios. Read on to find out more about the tests and how zIPS fared.
Introduction: The Criticality of Mobile Malware Detection
When it comes to malware targeting mobile devices, the danger is real and growing. According to the team at AV-TEST, an independent testing organization, “A few years back, there were new [mobile] malware apps released every few days. This has grown to several thousand new threats per day.”
For teams looking to validate the efficacy of prospective security solutions, AV-TEST offers invaluable services. This independent organization evaluates and rates antivirus and security software for Windows and Android operating systems.
Zimperium recently commissioned AV-TEST to conduct a thorough analysis of zIPS. The results are now available in a report entitled “Zimperium Mobile Threat Defense (zIPS) Comparison Test for Android.”
According to the report authors, “Zimperium delivered outstanding performance for both the online and the offline modes when it comes to prevalent malware detection. In real-time testing, the offline product could almost compete with the excellent result of the online product.”
The test from AV-TEST included several different facets. Tests were conducted on two Motorola g30 devices running a clean version of Android 11. Most tests were run in two modes: online and offline. Testing in offline mode simulates times in which a user lacks connectivity. To run these tests, testers ensured the test device had both Wi-Fi and cellular network connectivity turned off.
Following is an overview of the nature and scope of these different tests, and the results delivered:
The prevalent test consisted of 2984 prevalent samples. Prevalent malware is defined as Android malware samples that were the most common and that were not older than four weeks.
The prevalent test consisted of two parts: an on-demand scan and an on-access test. The team started with the on-demand test, scanning all samples on the device’s SD card. To do so, zIPS was installed on the device, samples were pushed to the SD card, and a scan was performed. After the initial on-demand scan was completed, any malware that wasn’t detected was pulled from the device and later installed on the device for real-time testing (see below).
In terms of prevalent malware sample tests, zIPS delivered a better than 99% detection rate in both online (99.63%) and offline (99.20%) modes.
The real-time tests consisted of 3292 real-time malware samples. Real-time samples were Android malware samples that were seen within the prior 24 hours in AV-TEST’s database and that were tested on the day of their discovery. As part of these tests, a sample was installed, and if zIPS issued an alert, it was tracked.
For real-time malware samples, zIPS delivered a detection rate of 99.12% in online mode and 98.24% in offline mode.
The False-Positive Test
The AV-TEST team examined whether legitimate apps would be incorrectly identified as malicious. Sample legitimate apps were installed, and notifications from zIPS (if any) were tracked. The false-positive tests consisted of two parts and a total of more than 3200 apps. For the first part, 1924 apps from Google Play were used. For the second part, 1297 apps from third-party stores around the world were employed.
Of the more than 1900 apps from the Google Play store, none were incorrectly flagged. This is true in both online and offline modes. Of the almost 1300 apps downloaded from the third-party app stores, zIPS incorrectly flagged one app in both online and offline modes.
To assess performance impact, the team emulated the average daily usage of a device, which included installing apps, browsing websites, watching YouTube, reading PDF documents, and so on. They compared the performance of the devices with and without zIPS running.
The testing team found that zIPS in both “online and offline mode did not show any impact on the user experience.”
When it comes to mobile malware detection, it’s vital to employ technologies that you can trust. The independent testing conducted by AV-TEST offers solid, independent validation that zIPS is a solution that teams can rely upon. With this solution, enterprises can establish robust, reliable defenses around users’ mobile devices, whether they’re online or not.
To get all the details of the testing and the results zIPS delivered, be sure to check out the report for yourself: “Zimperium Mobile Threat Defense (zIPS) Comparison Test for Android.”