How does Bitdefender in android ensure safety and security when malicious web links open in in-app web browsers of 3rd party apps that are not supported by Bitdefender Web protection feature?
Hello,
Currently, Web Protection does not support third party app web browsers. The Mobile Security development teams will take into consideration your suggestion, for now it is recommended to open urls in one of the supported browsers.
Regards
Ok. But what other defense methodology is used or implemented to counter threats in this case
If you use one of the supported browsers, then there's no need for other defense layers. Bitdefender Mobile Security will make sure that the Android device stays clean by automatically scanning any application immediately after its install. So, it will no longer scan those apps that have been scanned before or that have not been altered in any way. This way it can find any apps that hide malicious components, harvest or steal data, as usually this is how most infections happen on Android. When browsing unknown pages or doing sensitive tasks on your phone, it's recommended to use the available VPN as well. And like I said earlier, for the best protection and peace of mind, simply use a supported browser.
So in those in app browsers, if it delivers a malware, Bitdefender would block the app. But if a phishing page is opened, then does Bitdefender have any way to protect the user?
Well, for example say a phishing link comes up while scrolling in Instagram app, and the link is tapped , that opens in an in-app browser . So anything Bitdefender in Android does to provide security in such situations.
BMS generally would not scan every URL displayed inside the Instagram feed before the user taps it. Scam Protection focuses on suspicious links delivered through sms, messaging apps, notifications, and alerts, not arbitrary links rendered inside every app feed. If Instagram opens it in its own embedded browser, I think BMS is not guaranteed to intercept it. However, if the link opens externally in a supported browser, then Web Protection is expected to apply. Other modules may still help later, for example app scanning if an APK or malicious app is installed from a malicious url, but that does not protect you from typing credentials into a phishing page. I would exercise caution especially whenever you see ads on Instagram, or suggested profiles that look artificial.
I think this scenario is really something to consider in the future developments, maybe the security researchers will manage to implement certain layers that can help here, but it depends a lot on compatibility with the respective browsers and therefore on certain approval processes and implementation flows that must be followed. The technology is there for sure, but it takes more than that to be able to push something like this going forward.
Yeah, its kind of area where its difficult for security tools to handle, due to Android limitations. But maybe , BMS can implement a method where using app monitoring it would detect whenever an in-app browser is opened by any app, then it would present an overlay asking the user to open the link in supported web browser that is installed or maybe provide a button tapping on which the link would automatically open in a supported web browser that is set as default.
