Difference between free version and paid version of Bitdefender Mobile Security for Android

Jeufke
Jeufke Mr
edited March 18 in Mobile Security

Can someone tell me the difference between Bitdefender mobile for Android free version and the paid version?

Thank you.

Comments

  • garioch7
    garioch7 Defender of the month ✭✭✭✭✭

    @Jeufke ,

    Welcome to the Bitdefender Forums. The paid version offers many more features than the free version.

    Personally, I use the paid version on two smartphones. Compare features and decide what is best for you.

    Have a great day.

    Regards,

    Phil

    Former Bleeping Computer Malware Response Instructor

  • Nunzio77
    Nunzio77 Defender of the month mod

    Hi @Jeufke

    in short, the free version only scans the apps and files present on the smartphone, it does not have web protection, app anomaly protection, etc...

    The free version will defend you from malicious apps downloaded and installed and/or malicious files downloaded to your smartphone.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    To add to @Nunzio77, the Bitdefender App, whether free or paid, will only scan for 3rd party apps installed on the mobile device or if you download any .apk extension file on your mobile device from the internet. It will not scan the system files of the Android operating system because even if it finds malware in the Android operating system, it will not be able to delete that system file since the Android operating system has the upper hand compared to the third-party apps installed on it.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Nunzio77
    Nunzio77 Defender of the month mod

    @Flexx are you sure about this?

    For example, Sophos Intercept X also scans system apps (if the feature is selected). It seems strange to me that Bitdefender doesn't do this...

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • garioch7
    garioch7 Defender of the month ✭✭✭✭✭
    edited March 23

    @Nunzio77 ,

    @Alexandru posted, more than once, that BMS does not scan system files and system applications. Because of the nature of the Android operating system, it could not take action even if it did detect something. One such post is here.

    He will be able to explain it better than I am. @Flexx is absolutely correct.

    Have a great day.

    Regards,

    Phil

    Former Bleeping Computer Malware Response Instructor

  • Nunzio77
    Nunzio77 Defender of the month mod

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited March 24

    Bitdefender never scans system files of an Android OS for the reasons already stated above.

    This was also verified by @agozob

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Nunzio77
    Nunzio77 Defender of the month mod

    But at this point I wonder why Sophos has this function that the user can choose to activate or not... well...

    @agozob why??

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    @Nunzio77, it is pretty simple. Even if Bitdefender finds malware in the Android OS system files, it will not be able to remove them due to Android security policies, which prohibit any 3rd-party apps from making changes to the Android OS. For other antimalware vendors, you might contact them.

    Here is where your option can be taken as feedback: when you root the Android (and I guess though Bitdefender will be against this), it should scan the internal OS files also that can be manipulated with a custom ROM.

    @agozob, what do you think about this?

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Nunzio77
    Nunzio77 Defender of the month mod

    @Flexx so if the root of an Android smartphone has not been changed, no malicious app can infect system files. Right?

    So with Bitdefender controlling third-party apps you can still rest easy. Right?

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Yes, that's correct!

    If the root of an Android smartphone has not been changed or "rooted", it's generally much more difficult for malicious apps to infect system files. Rooting gives apps elevated privileges, which can be exploited by malware. So, without rooting, the system files are generally safe from most threats.

    Bitdefender is itself a third party app for Android OS.


    This is additional information I found from various antimalware blogs

    Screen lockers on Android:

    Screen lockers prevent access to your device's interface by displaying a fake message.

    They do not encrypt files but demand a ransom to restore normal access.

    They can affect both rooted and non-rooted devices, locking the screen regardless.


    Ransomware on Android:

    Ransomware encrypts files, making them inaccessible, and demands payment for decryption.

    It can be highly damaging, locking important files until a ransom is paid.


    On rooted devices, ransomware can gain deeper access to system files.

    On non-rooted devices, ransomware still encrypts files but without system-level access.


    And both of the above can execute if they bypass Bitdefender's detection database.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hi,

    I think many system apps have elevated privileges and permissions that regular user-installed apps don't have. Mobile Security may not have the necessary permissions to scan these system apps thoroughly on Android, and there's also another thing to consider: the system apps are often tightly integrated with the OS, so tampering with them could potentially destabilize the device or cause malfunctions.

    I'm also curious on @agozob's opinions on this topic.

    Cheers!

    Premium Security & Bitdefender Endpoint Security Tools user

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff
    edited March 26

    Hello there,

    As stated by others in this thread, we indeed do not scan the system apps, but we do scan any updates that might occur for system apps (since those can be uninstalled). Also, I previously answered this question in another discussion: https://community.bitdefender.com/en/discussion/comment/333556#Comment_333556

    I guess that other vendors might have different points of view about scanning the system apps, but personally I think all that would do is increase the time it takes for a full scan to complete.

    Regarding root access, we strongly recommend that you keep your device stock unless you are very tech savvy and are very well aware of all consequences. Even if you're highly skilled, you still expose yourself to a lot of threats by using a device with root access. @Flexx asked whether it would make sense for us to scan internal system files of rooted device and I believe it wouldn't be worth the effort invested into the research and implementation of such feature, neither for us nor for our clients. I have two simple arguments to back this up:

    • Root access opens the gate for highly sophisticated threats which could simply uninstall any and all anti-malware solutions on the device before they even get to scan it or alert the user
    • The internal structure of the OS can greatly differ from one custom ROM to another and any system file can be modified at the users will. Those of you who experimented with such things know that there are a lot of mods that one can do to a rooted device, some of which are pretty unorthodox but are well intended. This means there would be a very fine line between what's malicious and what is not.

    Hope this answer helps, I'm glad to help you guys with any other follow up questions!

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited March 26

    But then I have a question here. Mainly, users replace the stock ROM with a mod ROM like CyanogenMod (which is now discontinued and was succeeded by LineageOS) for the purpose of increasing performance and removing permissions that were prohibited via the stock ROM. Be it anything, in these cases, for security purposes, Bitdefender can be utilized to scan for Android ransomware, which can encrypt the extension of system files. While in the stock ROM, due to Android permissions, it is harder to encrypt system files.

    Additionally, when we install any mod apps or mod games, Bitdefender detects some (if not all) of them as Android.TestKey. Why does it only detect some mod apps or mod games and not others? How does it differentiate between mod and non-mod apps or games, and then why does it do so for some mods or mod games and not for all mods?

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff
    edited March 26

    Yes, it is harder for a ransomware to encrypt user data on a stock device but it's not impossible. I haven't seen Android malware that is specifically targeting rooted devices only, but some do use root if it's available. The logic is usually something like "if the device is rooted then escalate privileges and drop all bombs, otherwise do what you can". Also, generic malware is made with the average user in mind, while a rooted device usually indicates a power user. Since power users are harder to trick and they make up a small percentage of all users, it's not very profitable for threat authors to specifically target them. Anyways, my point is that a ransomware app would be detected by BMS regardless of the OS integrity.

    As for the modded apps, those with the "TestKey" detection are signed with publicly available or leaked certificates. That is usually not a good sign and could (hence the "Riskware" and not "Trojan" detection) indicate that the author attempted to hide their identity in an attempt to evade detection. If such an app is not detected with "TestKey" then it means that whoever repacked the app played it fair and used their own certificate.

    Edit: I forgot to link to my other more detailed comment on the matter of TestKey detection https://community.bitdefender.com/en/discussion/comment/335893/#Comment_335893

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    @agozob, one thing I forgot to ask is whether the TestKey detection is created by malware researchers or if it's more of an app anomaly/behavior blocker?

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    Hi! It's a "classic" detection, created by researchers. It has nothing to do with App Anomaly Detection.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Premium Security & Bitdefender Endpoint Security Tools user

  • agozob
    agozob Team Lead, Cyber Threat Intelligence Lab BD Staff

    What I meant is that the verdict is given by a rule which matches the APK file. No runtime information is taken into consideration.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)