Review: How secure is your mobile data – what options do you have?
Editor’s Note: This is a comparison between two paid security softwares, and not of the many free options. Some of which are Cerberus, Lookout, Prey and Where’s My Droid, which we at Android Australia highly recommend if you’re not after a paid version.
Written (beautifully) by Richard Taylor.
What do you have stored on your mobile? Phone numbers and addresses? Your ATM PIN in a text file because you can never remember it? Passwords to various web sites? Business and personal email messages?
As mobiles and tablets get more powerful, we use them more and more like personal computers. The difference is, these devices come everywhere with us. Unfortunately their small size and portability is also their biggest downfall in terms of data security.
WHAT IF THEY REALIZE THE VALUE OF THE DATA THEY HOLD? THAT ATM PIN. PHONE NUMBERS…
No matter if you leave your phone on a table at a café, in a cab, or it’s stolen from your bag its loss can have serious consequences. A thief might do no more damage than make a few international phone calls or try to sell your phone, but what if they realize the value of the data they hold? That ATM PIN. Phone numbers of your clients. Notes from the business meeting you just attended.
Just how secure is your mobile? Android’s face lock feature is known to be insecure with even a simple photo fooling it. A 4 digit PIN can be guessed easily, especially if the thief also grabbed your bag with other personal information to give them clues to what your PIN might be. Password protecting your device is the first step, but that won’t help against the growing mobile virus threat.
Some threats come as part of apps that actually contain malicious code. Others arrive via text messages, and replicate themselves by replying to incoming messages with an infected attachment. Yet more are dispersed via QR codes or NFC chips that tell your phone to download a malicious file.
Sidebar: Quick Response (QR) Codes
The popularity of QR codes in Australia is increasing. We are seeing them on billboards, in newspapers and magazines, in store catalogues and even on web sites. They are a way for people to convert a web link into a bar code that can easily be scanned and processed by a user simply by taking a photo of the code on their phone.
They are fast, convenient and dangerous! Used in combination with link shortening, it can be very difficult for a user to know in advance if the code is safe to use or what site the code will open.
QR codes have already been used to install Trojans on Android phones. They generally trick the user into spreading the Trojan by downloading an ‘update’ to some software or clicking a button to prove you’re human. Once installed on your device, the Trojan is then able to send messages to your contacts.
Because Android is a relatively open platform, it is easier for malware developers to write and distribute applications. Android’s increasing popularity is another major drawcard to these nefarious developers.
According to Symantec, over 13,000 malicious Android APKs (application packages) have been identified to date with around 10,000 of those identified just this year.
Symantec’s data shows that more than half of all Android threats collect device data or track users’ activities. Almost a quarter of the mobile threats identified in 2011 were designed to send content and one of the most popular ways for phone malware authors to make money is by sending premium SMS messages from infected phones. This technique was used by 18% of mobile threats identified in 2011. Increasingly, phone malware does more than send SMS. For example, attacks that track the user’s position and steal information.
Recognising the growing need to protect handheld devices, two of the big guns in desktop security also have products for mobile and tablets:
- Symantec offers two products: Norton Anti-Theft and Norton Mobile Security
- Kaspersky has their Mobile Security product
|Kaspersky Mobile Security||Norton Mobile Security||Norton Anti-Theft for Mobile and Tablet|
|Remote Locate||SMS||Web or SMS*||Web or SMS|
|Remote Lock||SMS||Web or SMS*||Web or SMS|
|Photo of User||-||Yes||Yes|
|Call & Text Filter||Yes||Yes*||-|
|Trusted Unlock Numbers||-||Yes*||-|
|Fraudulent (Phishing) Web Protection||Yes||Yes||-|
|Download File Protection||Yes||Yes||-|
|Full File Scan Protection||Yes||Yes||-|
|Android Version||2.2 or later||2.2 or later||2.2 or later|
|Annual Subscription||AU$49.95 per device||AU$29.99 per device||AU$49.99 up to 3 devices|
As you can see above, the feature offering from both Kaspersky and Norton’s mobile security product is fairly similar, but what do all those features mean?
As the name suggests, this allows you to locate your device if it is lost or stolen. Depending on your device and which product you purchase this can be done via SMS and web site.
This lets you use the web site or send an SMS to remotely lock your device. Great if you know where it is but don’t want to run the risk of anyone getting to your data before you can retrieve it.
If you’re worried about the data stored on your device, both vendors allow you to send an SMS that will erase all data including data on an SD card.
This feature allows you to display a message on your device. You could send an alternative contact number if someone finds your device or post a reward message.
PHOTO OF USER
One of the more intriguing features of the Norton products is called “Sneak Peek”, you can take a photo of whatever the forward-facing camera sees. This can be done manually or automatically every 10 minutes when you have put the device in ‘lost mode’. Combine this with the locate feature and you could have some great information to give to the police in case of theft. I’m not sure how they will go getting my Galaxy Note back from a zombie…
CALL AND TEXT FEATURE
A feature from both Kaspersky and Symantec, this lets you set up a “black-list” of numbers you don’t want to receive calls or texts from.
TRUSTED UNLOCKED NUMBERS
This is another useful feature from Symantec. You’ve lost your phone and sent the lock command to it, then realise it was stuck behind the sofa cushion the whole time. By setting up to three trusted numbers (friends or family) you can send an unlock command from their phone to reactive yours.
If a thief tries to change the SIM in your phone, this feature will instantly lock the device, rendering unusable (and unsaleable).
FRAUDULENT (PHISHING) WEB PROTECTION
We’ve all seen the scam emails, the sites that are almost, but not quite right. This feature will prevent you from browsing to known fraudulent web sites, helping you protect your data.
DOWNLOAD FILE PROTECTION
Automatically scan apps and app updates you download to ensure there is no malicious code or viruses.
FULL FILE SCAN PROTECTION
No matter how careful you are, rogue files can slip through. Especially if you transfer files from your computer or have rooted your phone for custom files and ROMs. Both vendors offer the ability to scan your entire device, including SD card either on a schedule or when you choose to press the button.
Worried that a thief will simply delete your chosen protection? This feature requires you to enter a passcode into the software before it can be deleted. Sure a savvy thief could wipe your phone in other ways, but hopefully you’ll be able to track it or wipe it yourself before that happens.
With both Mobile Security versions offering a similar feature set for mobiles, it was difficult to see where one product was better or worse than the other.
Neither product noticeably slowed down my device and both scanned downloaded applications quickly and without fuss, the big difference I did notice was the time required to do a full scan of my phone including the SD Card.
After 20 minutes, Kaspersky was reporting that it had scanned less than 25% of the total files. I tried to do a full scan a number of times, but as you can’t use your device with either product when a full scan is in progress, it never got to complete. By contrast, Norton Mobile Security reported a full anti-malware scan complete after less than 6 minutes and found a suspicious file in the process.
If you’re like me and own a computer (or two), a mobile, and a tablet, both companies have you covered
|Norton 360 Multi Device||Kaspersky One|
|Mac OS||10.7+||10.5 – 10.7|
|Android Mobile||2.x and higher||1.6 – 2.3, 4.0|
|BlackBerry||No||4.5 – 6.0|
|Symbian||No||Symbian^3 or Series 60 9.1, 9.2, 9.3, 9.4|
|Windows Mobile||No||5.0 – 6.5|
|Android Tablet||2.x and higher||2.2 – 4.x|
|5 Devices Per Annum||AU$129.99||AU$159.95|
So which should you choose? It’s a tough race and is very hard to pick a winner. For me the speed of the scan and the trusted number unlock feature (perfect if you just left your device at a known location and can retrieve it later) tipped the balance in Norton’s favour.
Disclaimer: Both Symantec and Kaspersky provided licensed copies of their products for review.
About the author: A self-proclaimed geek, Richard been involved in the IT industry since 1984 working in an Apple reseller the year the Macintosh was launched and personal computing history was made. He is keenly taking part in the revolution that the convergence of devices and the rise of social media are creating in the fields of communication and collaboration for both personal and business connections.