this post was submitted on 23 Mar 2024
79 points (91.6% liked)

Asklemmy

43902 readers
1014 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

So my workplace is mostly iPhone users and someone asked me what kind of antivirus software I used on my Android, and I said "none" and he flipped out about how unsafe it was. Other people chimed in saying how all androids need antivirus apps and I've never heard of such a thing. I do have ad-blockers and a VPN but never downloaded an antivirus. Should I? If so, what would you recommend? Thanks lemmings, love you.

all 35 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 139 points 7 months ago (1 children)

Absolutely not, that guy is eating marketing

[โ€“] [email protected] 61 points 7 months ago

Apple sponsored fear mongering, I'd say. It's almost like they had an interest in keeping people away from the alternative.

[โ€“] [email protected] 84 points 7 months ago (1 children)

No, antivirus in general is not a good idea these days. It is extremely invasive, consumes resources, and doesn't actually do much of anything.

Don't sideload random APKs off the web and you'll be fine.

[โ€“] [email protected] 3 points 7 months ago

This. As @Monke bluntly put it, "common sense"

[โ€“] [email protected] 51 points 7 months ago* (last edited 7 months ago) (1 children)

There have been far more severe iPhone exploits in the past year or two compared to Android ones.

Apple will never take the brand hit of allowing third party security software, so maybe let your pals know a brand's fragile ego is putting them in an arguably more perilous position.

[โ€“] [email protected] 18 points 7 months ago* (last edited 7 months ago)

There are corporate security solutions and monitoring available for iOS (ex: CrowdStrike Falcon which I handle at work) but since there are privacy implications, it cannot be installed with full privileges unless the phone is registered to the business in Apple Business Manager and set in supervised mode.

[โ€“] [email protected] 47 points 7 months ago (2 children)

You should never trust an apple user for technology questions. If they knew better, they wouldn't be using apple devices.

[โ€“] [email protected] 3 points 7 months ago* (last edited 7 months ago)

Apple has only proven themselves more secure than the competition in one example: When they protected a criminal from an FBI warrant.

[โ€“] [email protected] 1 points 7 months ago
[โ€“] [email protected] 40 points 7 months ago (1 children)
[โ€“] [email protected] 3 points 7 months ago (1 children)

Interesting read. Now I wonder how this works in grapheneos.

[โ€“] [email protected] 6 points 7 months ago

As long as you lock the bootloader, GrapheneOS operates the same as stock Android in this regard. If anything, you'd be safer on GrapheneOS because of the extra control you get over app permissions.

[โ€“] [email protected] 29 points 7 months ago* (last edited 7 months ago) (2 children)

Maybe against the grain, here, with all the comments saying No, but: If you were interested in trying something out, I would give Hypatia a go. It's a FOSS-based app, available on F-droid. It's basically a ClamAV front-end. Pulls from their signature lists for Android, alongside other more general AV signature lists. Just an option.

[โ€“] [email protected] 11 points 7 months ago (1 children)

Absolutely. Everyone here is acting like PDF and JPEG exploits on Android don't exist.

I agree that OP shouldn't pay for one, and that most AV apps are, at best, garbage, but there are also reasons to have one, and reasonable ones to install - Hypatia being one of them.

[โ€“] [email protected] 0 points 7 months ago

Given the restrictive nature of mobile operating systems, such exploits are much less impactful than on desktop OSs. Furthermore, if you are dealing with those exploits, you are probably victim of a targeted attack, which is well above what normal users worry about.

[โ€“] [email protected] 2 points 7 months ago

Seems way more effective than LibreAV, which just looks at app permissions

[โ€“] [email protected] 26 points 7 months ago* (last edited 7 months ago)

Not really, as long as you stick to reasonably well-known apps and sources (Google Play Store, F-Droid).

And I'd rather use mobile websites with uBlock Origin in Firefox fornAndroid than using the mobile apps that are infested with trackers and ads.

[โ€“] [email protected] 25 points 7 months ago

They have as much need for antivirus software as an iPhone does.

[โ€“] [email protected] 22 points 7 months ago

Yes, you need antivirus. I recommend using antivirus called common sense.

[โ€“] [email protected] 11 points 7 months ago (1 children)

Not really. Especially you stick to trusted app stores. It's only really needed if you frequently sideload apps, and even then only if you feel it's necessary.

That being said, Hypatia is a good one I like to use from time to time. It's FOSS too. You can find it on F-Droid if you use the DivestOS official repo.

[โ€“] [email protected] 3 points 7 months ago* (last edited 7 months ago) (1 children)

No amount of antivirus or alternative OSs will save you from unpatched hardware vulnerabilities though. Visiting a malicious web page or downloading a temporarily hostage app from your favorite app store can be enough to allow the bad guys into your device.

As long as you have a currently supported device and keep it up to date, you shouldn't ever need antivirus.

[โ€“] [email protected] 1 points 7 months ago (1 children)

No amount of antivirus or alternative OSs will save you from unpatched hardware vulnerabilities though. Visiting a malicious web page or downloading a temporarily hostage app from your favorite app store can be enough to allow the bad guys into your device.

Well there's not just prevention. Antivirus software can detect & remove. Also, by this logic, wouldn't that mean there's no point for desktop antiviruses? Seems incorrect to me.

As long as you have a currently supported device and keep it up to date, you shouldnโ€™t ever need antivirus.

And yet sometimes you do need one.

ย 

In any case, I never said having one is foolproof. I merely said downloading random apps willy-nilly can increase the risk, sometimes not much at all and other times greatly. It depends entirely on your threat model.

[โ€“] [email protected] 2 points 7 months ago (1 children)

Regarding desktop antivirus, it's often the case where it is not necessary to have. Windows has Windows Defender built-in, and other operating systems have other means to mitigate any type of viruses. There are actually reports of antivirus causing attacks because their hooks are so deep in the operating system.

Even trusted apps and app stores are prone to being malicious. The upstream packages that they use can have a malicious developer or insecure package, and it gets incorporated in the app, then distributed. Thats why it's important to use devices that get hardware/firmware updates to help protect against this. If a rootkit is installed, there is no way to ever get rid of it on your system.

[โ€“] [email protected] 1 points 7 months ago

Windows Defender is antivirus application, though, so how is it evidence that antivirus applications are pointless? Also, Defender wasn't always as good as it is. That's only a relatively recent thing.

Also, there are viruses/malware other than rootkits.

[โ€“] [email protected] 8 points 7 months ago

AV is no substitute for proper hygiene. Don't click random links, don't install random software, use a VPN on untrusted networks, yadda yadda.

[โ€“] [email protected] 7 points 7 months ago

I never have. Keep your shit updated, use a digital condom (ad/malware blocker), and dont go to shady websites offering free games and such and you are fine.

[โ€“] [email protected] 7 points 7 months ago

I'm gonna say no, but not for the same reasons as other commenters.

Android isn't as safe as iOS in that you're way more likely to get an app that harvests your data on the Play Store. That being said, there's almost no chance of you getting a device-breaking bug or app on Android vs. on iOS.

Now, if you're worried about data collection, whether you have an antivirus is the least of your concerns. You need to evaluate every single service that you currently use or pay for and see how they use your data. Google and Meta harvest all of it. Your telecom provider harvests a ton of it. The big retail chains you shop at, your banks, your credit/debit card payment processor, your ISP, etc. all collect data that they then sell to data brokers. Any data that is sent to data brokers can be bought by basically anyone who wants it. Even if all of your data is nuked from these brokers, data breaches at various companies or government agencies can and do happen. Even if those breaches never happen, some of your info is kept in the public record and can't be erased.

So, if you want to do anything to protect yourself, don't get an antivirus. Instead, just try to scrub your personal info off the internet the best you can.

[โ€“] [email protected] 6 points 7 months ago* (last edited 7 months ago)

No and you're stupid if you do.

Basically due to how locked down phones are compared to computers, it's nearly impossible (though not impossible) to get a virus. Not only that, but being so locked-down means that even if your anti virus did work, it wouldn't actually be able to do anything about it. But what an AV can do is read all the data that goes into your phone and collect it for the company to sell it for a profit, and that's why phone AVs exist.

Computer AVs are already shaky enough as is (McAfee is so insecure that actual hackers use it to get into computers) but there are a lot of cases where they can save your ass due to computers just being pretty insecure in general. I've used Malwarebytes twice to save me from dark web viruses, but that was a case where I installed it, ran the scan, killed the virus, then uninstalled. You don't need one running all the time. In most cases your OS will imply common-sense restrictions if it sees you don't have an AV and in a lot of cases those end up making your computer way more protected than the security theatre most AVs employ.

[โ€“] [email protected] 5 points 7 months ago

Antivirus is badness enumeration. Androids security model is way better than that.

[โ€“] [email protected] 4 points 7 months ago
[โ€“] [email protected] 3 points 7 months ago

Not really but if you are really really paranoid try hypatia from fdroid solely for you peace of mind.

[โ€“] [email protected] 1 points 7 months ago
[โ€“] [email protected] 1 points 7 months ago
[โ€“] [email protected] 1 points 7 months ago

It seems based on the comments you don't.

But I personally use ESET. It did catch a few things a few times. Specifically some of the shady modded APKs, which is expected. VirusTotal.com is also of help with those.