Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

December 30th, 2011

Frequently asked questions about avast! Mobile Security

With the introduction of our new mobile product, avast! Free Mobile Security, we officially entered the mobile security business. While most of the feedback we have seen to date has been very positive, some of the reviews and comments on the Android market indicate that some people are a bit confused about the product and its features. This blog post was meant to explain some of the concepts and hopefully help resolve some of the confusion. It is structured as questions and answers. If you have additional questions, please feel free to post a comment below or head to our forum.

 

1. Why should I install a security product on my phone? There’s no viruses anyway, right?

First, it’s important to realize that the product goes well beyond malware protection. Components like Anti-theft, Firewall, SMS and call filtering and Application management are very useful irrespective of the malware situation and are all a good reason to install the product.

However, even the malware situation is not that great. To date, we have registered about 4,000 unique apps that exhibit malicious behavior. Most of them were pulled from the market relatively soon (some didn’t even make it to the market), but we dare to say that we can detect them faster.

Also, some of the threats are completely platform independent. A great example is phishing. Here’s how it works: you are sent a link to a website that looks and feels exactly like your online banking site, but in fact it’s a fake site whose purpose is to capture your credentials and steal your money. This has been a long-time classic on the desktop, but as people start browsing the web using their mobile devices it’s also becoming a problem here. Therefore, it does make sense to have an app that will alert you whenever you do something stupid like this (in case of avast! Mobile Security, the Web Shield component takes care phishing URL filtering). Especially given it’s free.

 

2. Some features of the product are “root-only”. Does it mean that I need to root my phone to use your product?

No, of course not! While it’s true that some of the features of the product require “root” access, and therefore work only on rooted phones, the product works great even on non-rooted phones. In fact, from the security standpoint, rooting your phone is a bad idea and we recommend against doing so. On the other hand, we consider owners of rooted phones higher-risk users, and that’s why we’re putting more features into the product to provide additional protection for those users.

It’s also unfair to say that the number of features of the product available even on non-rooted phones is very limited. In fact, the feature set is broader than in most competing products (including paid products). For example, we think that many features of the anti-theft component are truly unique, including those that work on all phones (including non-rooted phones).

The only exception is the firewall. The firewall is a handy tool that allows you to control network access on a per-app basis. This can be useful for multiple reasons: security, convenience (think online ads) and even battery life (use of the network is a big battery eater). Unfortunately, the firewall is only available on rooted phones, and the reason for that is that the limitations of the Android platform didn’t allow us to implement it for non-rooted phones (even though we’d love to).

 

3. avast! Mobile Security is only available for Android. Do you plan to support other mobile platforms as well?

While we’d love to support other platforms, such as iOS (iPhone/iPad), Blackberry and Symbian, the obvious platform of choice for the first version of the product was Android. This is not only because it’s the platform most commonly targeted by attackers these days, but also because the number of Android handhelds is growing at an incredible pace. Last but not least, the Android platform is also the friendliest when it comes to app developers, especially security apps. For example, the limitations of the iOS platform make it really difficult to come up with a meaningful security product for iPhone.

 

4. Will you provide a web portal through which I will be able to remotely control the device?

Yes, we’re working on a new web portal that will allow you to fully control the product from a intuitive web-based user interface. This is especially useful for the anti-theft component where you will be able to track your device and issue commends (such as Report stolen) directly from the web-based console, without the necessity of using SMS commands.
The estimated release date of the new version, together with the web portal, is Q1 2012.

 

5. Does the product also work on Android tablets?

Yes, the product works OK on Android tablets. However, some of the features may not work as expected. For example, the anti-theft component currently uses SMS commands to communicate with the device once it’s stolen or lost. If your tablet doesn’t have 3g support (doesn’t have a SIM card), then obviously the SMS commands won’t work and you won’t be able to control the device in any way.

The new version (discussed above), scheduled for Q1 2012, will solve this problem by providing a web-based console which will work correctly even with tablets. Besides that, the new version will have specific support for tablets in terms of user comfort. Stay tuned and regularly check the Android market for updates!

 

6. Does the product support Android 4 (a.k.a. Ice Cream Sandwich, or ICS)?

We have tested the product on ICS and we didn’t find any problems. However, the support is still a bit unofficial (or experimental) and hence we’d love to hear your feedback.

By the way, did you know that we’re now running a contest where you can win one of the new ICS-enabled Samsung Galaxy Nexus phones? More information can be found here: https://blog.avast.com/2011/12/23/android-new-users-and-you

 

7. I don’t want to install your product because it will drain my battery.

We have designed the product to have minimal (or no) impact on battery life. In fact, when designing any of the features, one of the principal questions we asked was “How do I architect the feature to have no impact on battery?”

Our internal tests show that we did a good job.

We aren’t going to present the exact results of that test though as we understand that your mileage may vary. Instead, we’re talking to a couple of independent, respectable testing organizations that could conduct a professional test and present the results in a more official way (e.g. in printed magazines and their associated online sites).

 

8. Why does the app need all of those permissions?

That’s a very good question. For example, why would a security app need the “Directly call phone numbers” permission?

To understand that, it’s necessary to realize that the permission system in Android is bit coarse.  What I mean by this is that in Android, permissions control which API groups can be used by the app. In the specific case of the “Directly call phone numbers” permission, it’s not that avast! make any phone calls; but in order to implement the Call filter functionality, it relies on some APIs that require this permission. Similarly, receiving of SMS is required for the anti-theft component to work; full Internet access is required for the definition updates to work; reading of phone data is required for virus scanning and the Web Shield. And so on…

Trust us, we’re taking your privacy very seriously. The permissions required by the app are the minimum set that was needed to implement the functionality.

 

9. Will the product protect me against all possible threats?

No. While we tried to do our best to protect your device against all possible threats, no solution is 100%. It’s also important to realize that the product is a normal Android app, with all the limitations that the app model currently has. Therefore, it can hardly protect against exploits targeting specific vulnerabilities in the OS kernel, the network stack and similar low-level parts of the system, for example. This, however, applies to all products on the market, and it’s up to us (the security industry) to work with the OS vendor to develop future solutions that will minimize the risks of getting attacked.

 

10. The product is now free. Will it stay free forever?

The product is indeed free and there’s no plans to change that. Eventually, we may come up with a premium product that will have some additional features and cost money (as is the case with our Windows products), but the core product will stay free.

 

Categories: Android corner, Technology Tags:
  1. Tech
    December 30th, 2011 at 16:07 | #1

    [i]In fact, from the security standpoint, rooting your phone is a bad idea and we recommend against doing so.[/i]
    Well… If rooted is bad, we’ll have a false impression that using the full Anti-Theft features (uninstall, USB debug) and the firewall would be better…

    We recommend? Where?

  2. Tech
    December 30th, 2011 at 21:43 | #2

    As Vlk asked me to rephrase, here we go.

    When we look at avast! Mobile Security we want a completely uninstalable Anti-Theft feature. But we know that, due to Android OS limitation, we can disable the device admin without a password (http://forum.avast.com/index.php?topic=90796.msg721969#msg721969). That’s the main reason to go rooted: the uninstallation is much more difficult.

    Besides, as some features are just released for rooted phones, common users think being rooted is better, has more features and be more protected (including a firewall).

    The “side-effect” of the firewall reducing the bill (blocking some applications) is also a very good feature (Reserved forum: http://forum.avast.com/index.php?topic=90752.msg724796#msg724796).

  3. December 30th, 2011 at 22:43 | #3

    Well, it’s what it is.

    I was just saying that from a security perspective, if you root your phone you expose yourself to considerable more risk than if you don’t. That’s why we (as a security vendor) don’t want to encourage you to do it.

    On the other hand, yes, once you root the phone, your apps will become more capable. So it really comes down to what your proficiency level is what you’re trying to achieve.

  4. Tech
    December 31st, 2011 at 16:09 | #4

    Well, you know, disable the disguised device admin… uninstall… and here we go…

  5. Iggyo
    January 6th, 2012 at 03:15 | #5

    OK, first of all, let’s agree that apps are the most likely medium for malware to propagate. You mention in the article that you discovered 4000 malicious behaving apps which were soon taken off of the Market soon after. My question is, why don’t you (avast!) tender a contract to Google to vet all apps that are submitted? This way, we can be more sure of our downloaded apps from the Market and we won’t have to install an additional app to do this. This should be the first step in making mobile apps on the Market safer and I see no reason (yet) to have a security app installed on my phone. I use my phone (I think) in a safe, responsible manner and pay attention to the permissions each app asks for. Let’s face it, the human factor is what drives anything malicious, including apps, phishing and sites. As an example, people still send bulk email to their contact list every time an “virus outbreak” occurs. I like to call this “viral spam” and propagated manually by humans. It occurs even if the threat is not real which could be avoided if the person sending the email checked snopes.com or did a Google search. If users understood how to avoid these pitfalls, we’d all be a lot safer.

  6. Tech
    January 6th, 2012 at 13:01 | #6

    Security won’t be only in the source of the apps. They could get problems in between. For instance, a legit service could be abused like Google Images (https://blog.avast.com/2012/01/05/poisoning-google-images-presentation-slides-from-avar-2011/).

    An agreement could be made, but Market is not the only source of app.

  7. January 6th, 2012 at 16:27 | #7

    @Iggyo

    Iggyo, thanks for your note. I agree with you that working with Google directly would be even better. We actually do have some meaningful initiatives in that area, but please realize that Google is a huge company and it’s not easy to set up a partnership like this.

Comments are closed.