How does antivirus programmatically scan the code (without root privileges) of installed android applications?
I know of several Android antivirus software such as:
- AVG Mobile
- AVAST SOFTWARE
- McAfee (Intel Security)
- Norton phone
- Kaspersky Lab
wait
Each offers features like scanning installed Android apps for viruses (even unrooted Android devices).
Screenshots proving the above are as follows:
But as far as I know, for apps installed on non-rooted Android devices, one app can’t access another installed app and its related files, such as:
Pre-installed (i.e. camera, calendar, browser, etc.) APKs stored in /system/app/
User-installed (ApiDemo, Any.do, etc.) APKs stored in /data/app/
Package Manager creates the data directory /data/data// to store databases, shared preferences, native libraries, and cached data
So how can the application as described above scan the application and its related files programmatically as described above (without root access)
Solution
It does not access the files as one might think, it does not open them, use them, or scan the file’s data in any way. Instead, it just checks the file name.
For AVG let’s say: AVG uses an up-to-date database of past and present viruses. It scans the file names on your phone, checks them against its database, and alerts you when the names match those recorded in the database. Therefore, it does not violate the rules set by Android.
How do they get information about these viruses? Well, you’re in luck, you probably weren’t the first to get it. When a new virus is found, it is reported and AVG adds it to its database.
So, unfortunately, you cannot access other files programmatically as you described. However, you can access the file names within the directory and use the file names to check the database for viruses and other malware.