BD Mobile Security: App Anomaly Detection Suddenly Turned Off. Any Help?

2»

Comments

  • Like the article says, it is very hard to keep up with all the changes in the system settings layout and their modifications across all the combinations of phones and Android versions, hence the inconsistent behavior, for some it works, for others it doesn't..

    Premium Security & Bitdefender Endpoint Security Tools user

  • Jimbo_Check
    edited March 2

    Please share screen image of which accessibility toggle you want us to see is off or on?

    I see many - images below


  • My smartphone is RealMe 8 android 13

    Today this problem after any hour of standby.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • [Deleted User]
    [Deleted User] ✭✭✭✭✭

    @Alexandru_BD ,

    Phone is Samsung Galaxy S21, Android 14. I am not sure what "BMS version" is or where to find it. My Accessibility service is not disabled. App Anomaly Detection is off every time I start my phone daily, and during the day it turns itself off.

    If you need more information, just ask. Have a great day.

    Regards,

    Phil

  • @garioch7 @Alexandru_BD @agozob

    Hello.

    I have the same issue as Phil A.K.A. @garioch7.

    Samsung Galaxy A22 5G (SM-A226B/DSN)

    Android 13

    One UI Core 5.1

    Android Security Patch Level October 1, 2023

    Google Play System Update January 1, 2024

    BD Mobile Security 3.3.231.2398

    Accessibility service for BD Mobile Security is enabled and never turns off.

    During the day, on every 3 or so hours, App Anomaly Detection turns itself off.

    So, the problem is only with App Anomaly Detection, not the Accessibility service for BD Mobile Security

    Regards.

  • @Alexandru_BD @agozob

    Hello again.

    My mother's phone:

    Blackview A50

    Android 11

    Android Security Patch Level February 5, 2022

    Google Play System Update January 1, 2024

    BD Mobile Security 3.3.231.2398

    Accessibility service for BD Mobile Security turns off During the day, on every 3 or so hours.

    So, the problem is that the disabled Accessibility service for BD Mobile Security disables also the App Anomaly Detection.

    Regards.

  • Gjoksi
    Gjoksi mod
    edited March 2

    @Alexandru_BD @agozob

    Hello again.

    Here comes the strangest part.

    My father's phone:

    Alcatel 1S (5024D)

    Android 9-01003

    Android Security Patch Level September 5, 2019

    BD Mobile Security 3.3.231.2398

    And that is the only phone (out of three phones) that doesn't have any issues with the Accessibility service for BD Mobile Security and/or App Anomaly Detection.

    BD Mobile Security works just fine, without any issues.

    Regards.

  • To me, however, the strange thing is that only a graphic issue on the main screen of BDM. In fact, on the main screen the warning appears that it is not active, but without activating it, I go to the tab where the button to activate and deactivate it is and it is already active. So in my case it seems like I receive the warning but the protection still remains active.

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Thanks ChrisSim that explain what I needed to see if it was on or off mine is on. see image below


  • @Jimbo_Check No problem :)

    @Alexandru_BD

    Device: Samsung Galaxy S21 Ultra 5G

    OS: Android 14 / One UI 6.0

    BD Mobile Security: 3.3.231.2398

    Accessibility settings have never been affected in any way.

    Nothing regarding the behavior of the bug/error has changed on my end; my comments from a month ago still stand:


    Best regards,

    Christian Simon

  • How am I being off-topic with my contribution here? In the context of the matter I am the most on-topic one can be I would argue. That is not a very motivating or rewarding atmosphere :|

  • If it was me who fat fingered and touch the off topic icon I apologize. No you're not off topic by any means you provided very good details.

  • After reviewing since the beginning of the post by others on this issue my summary take is Bitdefender has ample time to have looked at the version before or versions before this version to do analysis of the defect and to have corrected it by now as it now coming up soon to be 60 days since some of the reports of this defect in this community I've read.

    Either there were lots of code changes or they weren't documented very well.

    Just my 2 cents summary.

  • @Jimbo_Check Thanks for clarification :)

  • Jimbo_Check
    edited March 4

    Interesting discovery.

    Each time I power off and power on my phone and waiting 10 to 20 minutes to check Bitdefender, and even waited 14 hours.

    Opening of the main screen indicated I needed to activate App Anomaly.

    Today I decided to open Bitdefender and NOT touch the button to activate App Anomaly but rather touch each of the icons of the bottom and not touching any of the functions or features and then go back to the main screen. Where there was no need to activate App Anomaly it was removed magically.

    I perform this test three times perhaps others can chime in with their test results doing the same procedures.

    Play store shows that my upgrade to the current version occurred on February the 28th. See screen image.

    My phone is

    OnePlus 8T, model KB2007,

    Android version 13, Baseband version Q_V1_P14, Kernel Version 4.19.157-perf+

    Android security update Jan 5, 2024

    Regards,

    Jim

  • agozob
    agozob BD Staff

    Hi there!

    Thank you all for taking your time to provide input on this issue, it really means a lot! :)

    I was able to reproduce the problem using the steps @Jimbo_Check provided in the comment above. We'll do our best to resolve this as soon as possible.

    I know it's inconvenient, but until a fix is released you can just click "Activate" in the "Dashboard" tab or simply switch to the "Malware Scanner" tab and the feature will be automatically enabled (given the fact that you manually enabled it beforehand) - the feature will work as expected, without any problem.

    Thanks again, your help is much appreciated!

  • @Jimbo_Check

    You just wrote exactly what I did xD See ...

    And ...

    Nothing has changed ever since. Next time @Jimbo_Check just use my cited comments and add a "Same"; saves time :D

    PS: You still have not removed the off-topic tag ;)

    @agozob Thanks for the update. Much appreciated! ^-^

  • Me being new to this product Bitdefender Android Mobile Security as well first time newby to Bitdefender.community likely I did not see your first post as it was mid-February when I reported the defect to Bitdefender support before discovering of the Bitdefender.community

    Now that I'm a tad more familiar with this community and now first time going back to the beginning of this thread I don't understand the complexities to resolve this bug of the app anomaly.

    I've yet to understand when the app anomaly will perform a scan

    What is the logic when it is invoked?

    The the counts show zero on my application for app anomaly scans, and I've done several Google Play store updates of various apps.

    Perhaps a technical oversight would be useful on each of the functions within Android Bitdefender mobile security application. If there is a link somewhere please share.

    Thanks,

    Jim

  • [Deleted User]
    [Deleted User] ✭✭✭✭✭

    @Jimbo_Check ,

    I confirmed your results with my S21 in another post. My phone shows 242 app anomaly scans and 8,441 Download scans, plus 11 Manual scans and 285 Automatic scans, for a total of 8,979 scans.

    This Support post might help explain its purpose and function.

    I can't explain why you are showing zero app anomaly scans. Perhaps @Alexandru_BD can shed some light . . .

    Have a great day.

    Regards,

    Phil

  • Thanks for your response as well supplying the link to the marketing/sells information of App anomaly. I'm hoping to see more of a technical review to help me understand how it stands unique above other AV mobile apps as I'm in the trial mode before pulling the trigger for a family package. I'm grateful for this community group. As to BD support and resolving or answering my questions they seem to be good but have yet to resolve this issue. I would like to have a product that My family members would not have to touch after I help set it up for them and it only notifies them or protects them not have to go check to see if it's working or not. Perhaps a daily email could be sent to them to say everything's okay.

    Using various backup applications on Android and Windows my backup software will send me an email whether a backup occurred or a failure occurred or nothing was backed up I still get notification daily same time. Which is much better than me having to open the applications.

  • [Deleted User]
    [Deleted User] ✭✭✭✭✭

    @Jimbo_Check ,

    Thank you for your reply. I am unable to explain the technical details of how the App Anomaly Detection component of BD Mobile Security works. Sorry about that.

    We will have to wait for @Alexandru_BD, the Forum Administrator, to drop in on this topic, which he will. It is night in Romania, so we may well have an answer tomorrow morning, my time (Atlantic Standard Time) when I log in.

    As for email notifications, I personally would not favour that unless they could be turned off. Please be aware that I am not an employee of BD, and my comments reflect only my personal opinions.

    BD tries to keep a low profile. If doesn't notify you of an issue, there are no issues. I have been using BD products for many years now. My devices have never been infected. I am a very satisfied customer.

    Have a great day.

    Regards,

    Phil

  • Nunzio77
    Nunzio77 mod
    edited March 4

    @Jimbo_Check i am also not a Bitdefender employee, but I try to explain what the operation and characteristic of the "App Anomaly Detection" functionality is, which I believe is only in the Bitdefender product for Android and IOS protection, at the moment no other Bitdefender apps mobile protection from other providers has included it in their protection.

    It can be compared to the "Advanced Heat Defense" for Windows products from Bitdefender.

    "App Anomaly Detection" is a behavioral analysis component of an app, which if recognized as legitimate by the signatures (therefore by real time scanning protection during download and updating), can instead be intercepted as malicious if after a certain time suddenly begins to carry out actions compromising the security of the data and/or the smartphone.

    So for example, if the WathsApp app is infected by some hacker who inserts a hidden malicious code into the source code, the various signatures of the various Mobile AVs will struggle to recognize it as malicious and will have it installed/updated, because in the WathsApp signatures it is recognized as safe. However, when this WathsApp app with malicious code inside begins to carry out malicious activities after some time (e.g.: sends data to hacker IP addresses, uses high smartphone resources to carry out other activities, etc...) other AVs will not notice, while the Bitdefender one with the "App Anomaly Detection" function. It is a protection against 0-day attacks.

    Obviously this is my interpretation, but I leave the floor to @Alexandru_BD for any corrections or further details on the matter. 😉

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Thanks for your input @Jimbo_Check :) I have similar thoughts regarding App Anomaly Detection; I do not know how it is actually triggered. I currently have only 12 App Anomaly Scans (but none in the recent past) and 0 Download Scans in 1 year of using BD Mobile Security. I know how the latter works after reading its description; the term itself is a lil misleading though since it suggests to scan every download ^-^

    Maybe use the Bitdefender Central app? There you receive some notifications and see how your family's doing.

    PS: Reminder for @Jimbo_Check to remove the false off-topic tag. I will annoy you until infinity :P

  • Show me how to remove the "false off-topic tag" - I switched to PC from Phone trying to locate where I can uncheck it on a post - but uncertain where it is and how to undo it. Thank for help thus far.

  • Just go to the comment in question ...

    ... and tap on a different tag :> The "1" should then appear on "Like" or whatever you chose.

    Should be that simple or maybe I am forgetting something cause I am no expert here either haha


    Best regards,

    Christian Simon

  • I believe I got it if it's that simple to turn off then it's too easy to turn on. Mobile versions major difference over the web version PC. I'm sure there's quirks to learn in both.

  • @Jimbo_Check Yep, you did it :) I hope I was not too pushy ^-^ I too agree with you in that it could be better in some aspects; I miss a "not useful" (or something similar) tag/button because to disagree or to be off-topic are somewhat strong expressions and lack the meaning/implication of usefulness :D

  • Alexandru_BD
    Alexandru_BD admin
    edited March 6

    Cheers everyone,

    I can provide a general overview of how App Anomaly Detection typically works, but of course @agozob is the specialist in this area and has more insights, so he may correct me if I say something wrong.

    Essentially, the feature monitors the behavior of applications on the device. This includes actions such as accessing sensitive data, communicating with external servers, or modifying system settings. Initially, the system establishes a baseline of normal behavior for each application. This baseline is created by analyzing how the application typically behaves under various circumstances. Once the baseline is established, it continuously monitors the behavior of applications in real-time. If my understanding is correct, It compares the current behavior of an application to its established baseline, and any deviation from the expected behavior may be flagged as an anomaly.

    The anomaly detection feature incorporates machine learning techniques to improve accuracy, as explained in the press release. Machine learning algorithms can analyze large amounts of data to identify patterns and anomalies more effectively over time. In addition to machine learning, the system may also use predefined rules and heuristics to identify suspicious behavior. These rules are based on known patterns of malicious activity. When an anomaly is detected, the system assesses the level of risk associated with the behavior. This assessment may take into account factors such as the sensitivity of the data accessed or the potential impact on the device or user.

    Thanks,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Jimbo_Check
    edited March 6

    Thanks for your review Hopefully @agozob will provide additional information.

    May I ask where the baselines are recorded? Are they recorded on the device or in the cloud for each device? I say for each device because could some settings for each application may alter the baseline for each unit or phone where the application is installed. If only based for an application only and stored in the cloud then couldn't the baselines per device be incorrect? I hope that makes sense what I'm asking.

  • agozob
    agozob BD Staff

    Hello again :)

    I'll try to answer all of your questions regarding App Anomaly Detection (AAD). Brace yourselves, it will be a pretty big reply.


    To put it short, what AAD does is to monitor the behavior of all applications, continuously and in real-time, directly on the user's device, to predict and detect potential security threats, all with minimum impact on the mobile device. The intensive assessment logic itself is residing in Bitdefender's cloud environment. A simple example of such an "anomaly" is a 3rd party app displaying an overlay over a legitimate banking app, requesting login information to the user. That is a common phishing technique used by malware. Yet, as simple at it may be, it can be very tricky even for experienced users to notice it when it happens. We made a demo video for the App Anomaly Detection feature with this exact scenario: detecting the notorious Xenomorph malware the instant it shows a phishing login page on top of the well known crypto trading app Coinbase (https://www.youtube.com/watch?v=sdBnLAIueAY).


    AAD has multiple use cases. The obvious case, which determined us to develop the feature, is detecting new, "fresh out of the oven" malware (which can be undetected by any "traditional" engine for a while). Such apps can can run dormant for long time periods and drop the malicious payload days or even weeks after installation and only on certain devices, which makes it difficult to detect even by human analysis or with more advanced techniques such as sandboxing. AAD is able to identify such a threat even if you are the first user being targeted by it and the app shows 0 detections on VirusTotal. Now, even if some malware *is* detected and the user was already notified about it, they can simply ignore the detection (which I would highly not recommend), case in which AAD will notice them as soon as it detects malicious activity going on (e.g. so they don't fall victim to a phishing attack, like the previous Xenomorph example).


    Regarding the technical aspect of how things work, the explanation provided by @Alexandru_BD is pretty concise. The installed applications are constantly monitored and the detection is based on a combination of machine learning and predefined rules and heuristics which are constantly tweaked by our researchers. To answer @Jimbo_Check, if the AAD counter shows zero scans in the Bitdefender app, that's actually a good sign and there's nothing to worry about! If your device is *really* clean (you only installed legitimate and well known apps and none of them performed any weird activity), such a scan won't be triggered. This is intended and the reason why it happens is to avoid draining your battery for nothing. In the long run you will eventually see some scans, especially if you install apps from non-reputable stores (which by the way, we do not recommend).


    The answer provided by @Nunzio77 is partially correct, I only have two corrections. The first one is that hackers cannot alter the source code of an APK while maintaining the original signature of the app. But, say if you had a repacked/modded WhatsApp version which would perform some unholy actions, it could be detected by App Anomaly. Second, AAD is only available for Android, as the strict nature of iOS does not allow us to "see" anything that other apps are doing on the device, and that's not likely to change in the near future.


    Hope it's all clear now. I'm glad to help with whatever I can if there are any more questions regarding AAD.

  • Hey y'all :)

    I thought I should write something here since the very latest patch fixed the last remaining issue/problem; App Anomaly Detection is no longer recommended to be turned on in the BD Mobile Security app as of patch 3.3.232.2401 (at least for me and from what I can tell as a simple end user) ^-^

    So, this is where it might end now it seems; I hope it is the same for all of you out there! Maybe some others can also report on their findings with the new version :]

    What a journey :D Thanks to everyone at BD; keep up the good work!


    Best regards,

    Christian Simon

  • Hello,

    Quick update here: the issue was fixed in the latest BMS version 3.3.232.2401:

    Thank you @ChrisSim for your feedback! 👍️

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • [Deleted User]
    [Deleted User] ✭✭✭✭✭

    Likewise here. Great job by the BD engineers.

    Have a great day.

    Regards,

    Phil

  • Yes! I have not problem.

    Very very good! 😉💪🔝

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security