Ondrej Vlcek

30 December 2011

Frequently asked questions about avast! Mobile Security

With the introduction of our new mobile product, avast! Free Mobile Security, we officially entered the mobile security business. While most of the feedback we have seen to date has been very positive, some of the reviews and comments on the Android market indicate that some people are a bit confused about the product and its features. This blog post was meant to explain some of the concepts and hopefully help resolve some of the confusion. It is structured as questions and answers. If you have additional questions, please feel free to post a comment below or head to our forum.


1. Why should I install a security product on my phone? There's no viruses anyway, right?

First, it's important to realize that the product goes well beyond malware protection. Components like Anti-theft, Firewall, SMS and call filtering and Application management are very useful irrespective of the malware situation and are all a good reason to install the product.

However, even the malware situation is not that great. To date, we have registered about 4,000 unique apps that exhibit malicious behavior. Most of them were pulled from the market relatively soon (some didn't even make it to the market), but we dare to say that we can detect them faster.

Also, some of the threats are completely platform independent. A great example is phishing. Here's how it works: you are sent a link to a website that looks and feels exactly like your online banking site, but in fact it's a fake site whose purpose is to capture your credentials and steal your money. This has been a long-time classic on the desktop, but as people start browsing the web using their mobile devices it's also becoming a problem here. Therefore, it does make sense to have an app that will alert you whenever you do something stupid like this (in case of avast! Mobile Security, the Web Shield component takes care phishing URL filtering). Especially given it's free.


2. Some features of the product are "root-only". Does it mean that I need to root my phone to use your product?

No, of course not! While it's true that some of the features of the product require "root" access, and therefore work only on rooted phones, the product works great even on non-rooted phones. In fact, from the security standpoint, rooting your phone is a bad idea and we recommend against doing so. On the other hand, we consider owners of rooted phones higher-risk users, and that's why we're putting more features into the product to provide additional protection for those users.

It's also unfair to say that the number of features of the product available even on non-rooted phones is very limited. In fact, the feature set is broader than in most competing products (including paid products). For example, we think that many features of the anti-theft component are truly unique, including those that work on all phones (including non-rooted phones).

The only exception is the firewall. The firewall is a handy tool that allows you to control network access on a per-app basis. This can be useful for multiple reasons: security, convenience (think online ads) and even battery life (use of the network is a big battery eater). Unfortunately, the firewall is only available on rooted phones, and the reason for that is that the limitations of the Android platform didn't allow us to implement it for non-rooted phones (even though we'd love to).


3. avast! Mobile Security is only available for Android. Do you plan to support other mobile platforms as well?

While we'd love to support other platforms, such as iOS (iPhone/iPad), Blackberry and Symbian, the obvious platform of choice for the first version of the product was Android. This is not only because it's the platform most commonly targeted by attackers these days, but also because the number of Android handhelds is growing at an incredible pace. Last but not least, the Android platform is also the friendliest when it comes to app developers, especially security apps. For example, the limitations of the iOS platform make it really difficult to come up with a meaningful security product for iPhone.


4. Will you provide a web portal through which I will be able to remotely control the device?

Yes, we're working on a new web portal that will allow you to fully control the product from a intuitive web-based user interface. This is especially useful for the anti-theft component where you will be able to track your device and issue commends (such as Report stolen) directly from the web-based console, without the necessity of using SMS commands.
The estimated release date of the new version, together with the web portal, is Q1 2012.


5. Does the product also work on Android tablets?

Yes, the product works OK on Android tablets. However, some of the features may not work as expected. For example, the anti-theft component currently uses SMS commands to communicate with the device once it's stolen or lost. If your tablet doesn't have 3g support (doesn't have a SIM card), then obviously the SMS commands won't work and you won't be able to control the device in any way.

The new version (discussed above), scheduled for Q1 2012, will solve this problem by providing a web-based console which will work correctly even with tablets. Besides that, the new version will have specific support for tablets in terms of user comfort. Stay tuned and regularly check the Android market for updates!


6. Does the product support Android 4 (a.k.a. Ice Cream Sandwich, or ICS)?

We have tested the product on ICS and we didn't find any problems. However, the support is still a bit unofficial (or experimental) and hence we'd love to hear your feedback.

By the way, did you know that we're now running a contest where you can win one of the new ICS-enabled Samsung Galaxy Nexus phones? More information can be found here: http://blog.avast.com/2011/12/23/android-new-users-and-you


7. I don't want to install your product because it will drain my battery.

We have designed the product to have minimal (or no) impact on battery life. In fact, when designing any of the features, one of the principal questions we asked was "How do I architect the feature to have no impact on battery?"

Our internal tests show that we did a good job.

We aren't going to present the exact results of that test though as we understand that your mileage may vary. Instead, we're talking to a couple of independent, respectable testing organizations that could conduct a professional test and present the results in a more official way (e.g. in printed magazines and their associated online sites).


8. Why does the app need all of those permissions?

That's a very good question. For example, why would a security app need the "Directly call phone numbers" permission?

To understand that, it's necessary to realize that the permission system in Android is bit coarse. What I mean by this is that in Android, permissions control which API groups can be used by the app. In the specific case of the "Directly call phone numbers" permission, it's not that avast! make any phone calls; but in order to implement the Call filter functionality, it relies on some APIs that require this permission. Similarly, receiving of SMS is required for the anti-theft component to work; full Internet access is required for the definition updates to work; reading of phone data is required for virus scanning and the Web Shield. And so on...

Trust us, we're taking your privacy very seriously. The permissions required by the app are the minimum set that was needed to implement the functionality.


9. Will the product protect me against all possible threats?

No. While we tried to do our best to protect your device against all possible threats, no solution is 100%. It's also important to realize that the product is a normal Android app, with all the limitations that the app model currently has. Therefore, it can hardly protect against exploits targeting specific vulnerabilities in the OS kernel, the network stack and similar low-level parts of the system, for example. This, however, applies to all products on the market, and it's up to us (the security industry) to work with the OS vendor to develop future solutions that will minimize the risks of getting attacked.


10. The product is now free. Will it stay free forever?

The product is indeed free and there's no plans to change that. Eventually, we may come up with a premium product that will have some additional features and cost money (as is the case with our Windows products), but the core product will stay free.


Mobile Security, Security News