Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android Mobile Anti-Virus Apps

Laurent Simon, Ross Anderson

Research output: Contribution to conferencePaperpeer-review

Abstract / Description of output

We study the “anti-theft” mechanisms available to consumers to thwart unauthorised access to personal data on stolen Android smartphones. With millions of devices stolen in the USA in 2013 alone, such attacks are a serious and growing problem. The main mitigation against unauthorised data access on stolen devices is provided by “anti-theft” apps; that is, with “remote wipe” and “remote lock” functions. We study the top 10 Mobile Anti-Virus (MAV) apps that implement these functions. They have been downloaded hundreds of millions of times. We investigate the general security practices of MAVs, as well as the implementation of their “remote wipe” and “remote lock” functions. Our analysis uncovers flaws that undermine MAV security claims and highlight the fragility of third-party security apps. We find that MAV remote locks may be unreliable due to poor implementation practices, Android API limitations and vendor customisations. Mobile OS architectures leave third-party security apps little leeway to improve built-in Factory Resets, therefore MAV remote wipe functions are not an alternative to a flawed built-in Factory Reset. We conclude the only viable solutions are those driven by vendors themselves.
Original languageEnglish
Number of pages11
Publication statusPublished - 21 May 2015
Event4th Mobile Security Technologies Workshop 2015 - San Jose, United States
Duration: 21 May 201521 May 2015
Conference number: 4
http://www.ieee-security.org/TC/SPW2015/MoST/

Workshop

Workshop4th Mobile Security Technologies Workshop 2015
Abbreviated titleMoST 2015
Country/TerritoryUnited States
CitySan Jose
Period21/05/1521/05/15
Internet address

Fingerprint

Dive into the research topics of 'Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android Mobile Anti-Virus Apps'. Together they form a unique fingerprint.

Cite this