Rules and Apps in Mobile Security

This is new to me and I will obviously try to put some time into reading up and watching tutorials, but while setting up MS (as monitored via console) on a few devices there were two potential issues I recognized almost immediately. I illustrate with a screenshot:
I disabled those. Why? Because they will most likely always be TRUE. Even if having the latest OS version. The only circumstance I imagine they would not be true is if one has an OS version that is so old, BEST MS does not detect any hacking or abnormal activity on it… right?
Can you elaborate on any good reason to not have them disabled, considering users may post questions about it and your answer will just feel silly to them? One can lower the warning severity of course, but I am struggling to find a reason to have it there in the first place, considering the OS Upgrade warning is very much available, I actually changed that from Low to Elevated.
I realize this may of course fail to fit everyone, but it is applicable in my environment since I have no Phone Apps requiring updates for compatibility or anything similar.
2. Sideloaded Apps. I am not entirely sure what an app does to be sideloaded and what risk it entails, but if you want to clear such an app, I use this option; see image below:
The very odd thing is that Bitdefender ALSO registers as a sideloaded app, how is that?
Yes, I will approve it, but still, one ponders these things. 🧐
Comments
Hello @SecCon,
- 'Vulnerable/non-upgradeable' means there are high/critical CVEs that exist for a newer patch than what is running on the device. However, Android devices do not have a one-size-fits-all answer when it comes to vulnerable versions.
Android vulnerability is dependent on Make/Model and Operator. Even though a device has been upgraded with the latest patches available to the user, it can still be categorized as vulnerable/non-upgradeable. Sometimes this is the result of an older phone model, but often this is because the operator has not allowed the latest patch date to be applied to devices on their network. Customers with a large number of devices may notice that several devices are the same model, but only a portion are considered vulnerable/non-upgradeable.
To determine the "Vulnerable Android Version" threat we use "crowd funded" data to mark when a new Android version is available. In practice what this means is that when the phone model, mobile provider and software version combinations that are synchronized to our Mobile Security platform exceed 10% of those criteria, this threat is triggered for devices that haven't upgraded.
Due to the presence of various mobile operators that support Android OS, we utilize crowdsourced patch data. We aggregate this information from devices in our consoles and research labs to make informed decisions. Consequently, this may result in a delay in providing users with the most accurate patch information. In contrast, iOS devices benefit from a centralized approach, as Apple manages the distribution of patches directly. Therefore, we kindly request that users allow a grace period of 30 days before comparing patches, ensuring we have sufficient time to analyze the data thoroughly on our end.
If after the 30 days you still see the threat in the console then we will need to investigate it further by contacting our enterprise support team.
- Sideloading is the practice of installing mobile apps on a device that are not from the official app stores. This is typically done on a rooted Android device or a jailbroken iOS device. Sideloaded apps can be dangerous because they may contain malicious code and have an unknown security posture.
Now regarding the Bitdefender app that is marked as a sideloaded app, which application is this? Is it the Mobile Security agent app installed on the phone? Is it another Bitdefender application?
Also, double check how this Bitdefender app was installed and whether it was from an official source with a valid certificate; if so, we will need to check with the enterprise support team why it is marked as such.
Kind Regards,
Andrei
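The cohort-based "Vulnerable Android Version" heuristic described in the reply above, as an added illustration that is not Bitdefender's code: devices are grouped by (model, operator), the newest patch level that at least 10% of a cohort already runs is treated as "available", and devices in that cohort still on an older level are flagged. The record fields, cohort names and patch dates are constructed assumptions, not the product's schema.

```python
from collections import defaultdict
from datetime import date


def _cohort(prefix, model, operator, levels):
    """Construct sample device records; `levels` is a list of (patch_date, count)."""
    out, i = [], 0
    for patch, count in levels:
        for _ in range(count):
            i += 1
            out.append({"id": f"{prefix}-{i:02d}", "model": model,
                        "operator": operator, "patch": patch})
    return out


MAR, FEB = date(2024, 3, 5), date(2024, 2, 5)
# Constructed sample of devices "synchronised to the console" (assumed data):
DEVICES = (
    _cohort("a", "Pixel 6", "OperatorA", [(MAR, 1), (FEB, 4)])        # 20% on MAR
    + _cohort("b", "Pixel 6", "OperatorB", [(FEB, 5)])                # MAR never seen here
    + _cohort("c", "Galaxy S21", "OperatorA", [(MAR, 1), (FEB, 11)])  # 8.3% on MAR
)


def latest_patch_by_cohort(devices, share=0.10):
    """Per (model, operator) cohort, the newest patch level run by at least
    `share` of that cohort; mirrors the '10% of synchronised combinations' trigger."""
    cohorts = defaultdict(list)
    for d in devices:
        cohorts[(d["model"], d["operator"])].append(d["patch"])
    available = {}
    for key, patches in cohorts.items():
        # Walk patch levels newest-first; the first one adopted widely enough counts.
        for p in sorted(set(patches), reverse=True):
            if sum(1 for q in patches if q >= p) / len(patches) >= share:
                available[key] = p
                break
    return available


def flag_vulnerable(devices, share=0.10):
    """Ids of devices running older than their own cohort's available patch.
    Same model on another operator is a separate cohort, so it may not be flagged."""
    available = latest_patch_by_cohort(devices, share)
    return [d["id"] for d in devices
            if d["patch"] < available[(d["model"], d["operator"])]]
```

With the sample data only the four OperatorA Pixel devices are flagged; the Galaxy cohort stays below the 10% threshold, and the OperatorB Pixels have no newer patch in their cohort at all.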
Thanks for the threat level clarification, I would assume it is mostly valid for iOS devices as well.
As for the installation source, it is the respective official channel (Google Play or App Store), activated via the link provided from the MS Console in a generated e-mail.
This: https://apps.apple.com/us/app/bitdefender-gravityzone-mtd/id6445922127 and the corresponding one on Google Play:
https://play.google.com/store/apps/details?id=com.bitdefender.gravityzone.securityformobile&hl=en
Yes, and if the apps are installed from valid sources and are still marked as Sideloaded Apps, then we need to investigate the reason with our support team.
Kind Regards,
Andrei
Do you need me to contact support?
Yes, as the request needs to come from a customer and additional information required for investigation will be requested from you.
Kind Regards,
Andrei