Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Freeware Forum > Mobile Apps

Reply
 
Thread Tools Display Modes
Old 28. Dec 2015, 03:50 AM   #1 (permalink)
Senior Member
 
Join Date: Aug 2012
Posts: 192
Default Check your Android Smartphone security status

Android has a lot (really, A LOT) of severe security issues that could compromise your phone and data. The Android VTS tool has been out for some time, and the latest version will help you in detecting all system vulnerabilities (known as CVEs). That's the good news.

The bad news is it won't patch nor fix them since that's the work of your phone's vendor, meaning there are little chances you'll get them solved unless you a have recent flagship device.

The app was pulled from the PlayStore some weeks ago (maybe because it was a direct hit at Google), but can still be downloaded from the official GitHub page:

https://github.com/nowsecure/android-vts/releases

Even though my phone is running Lollipop 5.1.1, the app detected 5 vulnerabilities, which confirms that having the "latest" android version doesn't mean your phone is protected.
IO.Hazard is offline   Reply With Quote
Old 28. Dec 2015, 12:52 PM   #2 (permalink)
Senior Member
 
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Default

Interesting thanks.

What is your view of the VirusTotal scan of the Android VTS Tool, anything to worry about??
Sope is offline   Reply With Quote
Old 28. Dec 2015, 01:08 PM   #3 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,274
Default

Android Lollipop is not the latest, to be correct. Android Marshmallow is the latest version.

And with this release of the OS, Google and other vendors have decided to release monthly stability and security patches for the OS, which is quite a good decision, keeping in mind the security.

I have a Nexus 5, and it has been receiving these monthly updates.

However, yes, when the vendor decides not to release any more updates for that device, then it's a problem.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 28. Dec 2015, 08:20 PM   #4 (permalink)
Senior Member
 
Join Date: Aug 2012
Posts: 192
Default

Quote:
Originally Posted by Sope View Post
What is your view of the VirusTotal scan of the Android VTS Tool, anything to worry about??
Nothing to worry about. The app uses the same procedure a malicious tool would (in this case the infamous Stagefright vulnerability) but only to explore if the phone is vulnerable or not. It will not tamper with your phone in any way. The VTS Tool is open-source, so anyone can audit the code and report possible backdoors.

@Anupam,

Yes, you're right. Android M (6.0.1 to be more specific) is the latest version of Android, but is only available for some Nexus and Pure Edition devices, which are controlled by Google. The rest of devices are running Android JellyBean, KitKat or Lollipop at best, and only some lucky ones are to receive the 6.0.1 update in January or February.

As for the monthly stability and security patches, once again the Nexus series seems to be the only one receiving them through the "Android Security Bulletin Monthly Release". Although Motorola, LG, and Samsung were the first vendors to jump in, only users with the more expensive phones have seen the so-called monthly updates, if any. (Source)

According to the latest official Android distribution figures (December 2015), Android M just hit the 0,5% mark (very low), while Lollipop reached the 29,5% and KitKat still dominates with a solid 36,6%. Even the dated JellyBean, with all its variations, has a 26,9% distribution share.

If Lollipop 5.1.1 had 5 vulnerabilities out of 26 possible, I wonder how the lower, older versions, would fare against the VST tool.
IO.Hazard is offline   Reply With Quote
Old 28. Dec 2015, 08:27 PM   #5 (permalink)
Senior Member
 
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Default

Quote:
Originally Posted by IO.Hazard View Post
Nothing to worry about. The app uses the same procedure a malicious tool would (in this case the infamous Stagefright vulnerability) but only to explore if the phone is vulnerable or not. It will not tamper with your phone in any way. The VTS Tool is open-source, so anyone can audit the code and report possible backdoors.
Thanks for that.
Sope is offline   Reply With Quote
Old 29. Dec 2015, 09:24 AM   #6 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,274
Default

Good points IO.Hazard. And quite some points of concern there for the end users. First, they have to wait a really long time for any update, and then security patches being provided only to flagship devices is just not fair.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 29. Dec 2015, 10:26 AM   #7 (permalink)
Senior Member
 
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
Default

My phone running ICS 4.0.9 has 14 vulnerabilities according to the VTS Tool

I am looking to upgrade soon (long overdue ) but it sounds like that still won't guarantee reliable security. Not that I've ever trusted using my phone for sensitive stuff like online banking and such.
Sope is offline   Reply With Quote
Old 22. Jan 2016, 05:01 AM   #8 (permalink)
Full Member
 
UserError's Avatar
 
Join Date: Jun 2014
Location: Light of the South
Posts: 40
Default

Just installed the app from the official link. My phone is on KitKat 4.4.4 and 10 vulnerabilities were detected, too bad. All of them are 'serious' and my phone is stuck with this android version.

Google should have implemented 'granular system updates' the same way it did with the permissions. That way you could patch the system without the need of big, updated firmwares.

BTW, this screen got my attention during the installation:



Is that a confirmation that antivirus apps are just a waste internal storage, battery life, and other valuables system resources? If a serious developer like this one states this, I think I should listen to him.
__________________
Error Code 42: User Error. It's not our damn fault!
UserError is offline   Reply With Quote
Old 23. Jan 2016, 12:00 AM   #9 (permalink)
Senior Member
 
Join Date: May 2010
Posts: 549
Default

Using your phone makes you less secure! Fact
But that comment may actually be true under many circumstances.

Relying on AV to keep your phone safe is not a good idea. You should still be careful what sites you visit.
AV will help to reduce the likelihood of getting a virus by accident, but if you visit iffy sites then it won't stop al of them.
Burn-IT is offline   Reply With Quote
Old 23. Jan 2016, 03:26 PM   #10 (permalink)
Editor (Android)
 
Join Date: Jan 2012
Posts: 224
Default

I'll jump in on the whole antivirus thing - and I'll go out on a limb and say it's not necessary. Here's why:
1. Android already has a certain security mechanism built-in - it does, as far as I know, scan apps when they are installed.
2. If you stick to the Google Play Store or another reliable app store, you should be fine when it comes to avoiding viruses, if you take a look at what you download and don't just download an app from a random developer with 100 downloads and 10 bad reviews.
3. You can't run APKs on Android the way you can run EXEs on a Windows computer. On a Windows computer, any EXE can run without being installed, and it has access to a lot of stuff, if it wants to access it, even without administrator privileges. On the other hand, an APK can't run without being installed - and when it is installed, it's not the APK providing the installation interface, it's the system (which is why there aren't all the problems with installer crapware on Android), so the user explicitly presses the install button, which is right under the list of permissions it will get if installed - and the app will only be able to use those services. The only way it can get around that is by using an exploit - which is where the whole topic started - but at that point, it shouldn't have a problem getting around the antivirus either, especially since antivirus on Android doesn't have quite the capabilities of Antivirus on Windows, for example.
trainman261 is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 08:18 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.