Viewing vulnerability details for an Android device

NOTE  Absolute stopped supporting the Absolute agent for Android in February 2022. If you are using the Android agent on your devices, it will continue to call in to the Absolute Monitoring Center with updated data. However, no new versions of the agent will be released, including updates for bug fixes.

The Android Vulnerability page shows details about the specific data points used to determine an Android device's Overall Vulnerability rating. This page also provides remediation guidelines to help you address the specific vulnerabilities detected on the device.

To view a device's Android Vulnerability page:

  1. Do one of the following:
    • In the results grid of the Android Vulnerability report, click the linked percentage value in a device's Overall Vulnerability (%) column.
    • In the results grid of any report:
      1. Click the Identifier of the Android device that you want to view. The device's Device Details page opens.
      2. Click the Android Vulnerability tab.

    The Android Vulnerability page shows and the following information about the device shows on the work area toolbar:

    The device's Overall Vulnerability shows under the page title.

    Overall Vulnerability is a calculated value, expressed as a percentage, that represents the exposure to risk posed by the state of the hardware and software detected on an Android device. The higher the percentage value, the greater the vulnerability. The value is color-coded as follows:

    Vulnerability rating

    Color

    Applies to ...

    High

    Red

    Percentage values between 51% and 100%

    Medium

    Amber

    Percentage values between 18% and 50%

    Low

    Black

    Percentage values below 18%

    The grid on this page shows detailed information about the following data points, which are used to calculate the device's Overall Vulnerability rating.

    Data point

    Description

    Vulnerability details

    Suggested remediation

    Base Security

    Device Rooted

    Indicates whether it is a rooted device A process that enables the user of an Android device to access the Android operating system and make software code changes. This process puts the device at greater risk of damage and security vulnerabilities and is not advisable.

    Possible values are:

    • Yes
    • No
    • Unknown

    Rooted devices are more vulnerable than non-rooted devices.

    If the value is Yes, un-root the device.

    OS Version

    The version number of the operating system

    Older versions of the Android operating system tend to be more vulnerable than newer versions.

    If the device is running Android 5.x or lower, upgrade to a more recent Android version.

    Security Patch Level

    The version number of the most recent security patch detected on the device

    This value is expressed as a date.

    Security patches are released to address security vulnerabilities, or to improve usability or performance. Staying up-to-date with security patches reduces a device's vulnerability. The availability of patches depends on the manufacturer and your service carrier.

    If the patch level is not up-to-date, apply the latest security update.

    GMS Certified Device

    Indicates whether the device is a GMS certified device Google Mobile Services (GMS) is a collection of popular Google applications and APIs, such as Google Chrome, YouTube, and Google Search. To enable Android device manufacturers to include these apps out-of-the-box, their devices must be certified by Google. To be certified, devices must comply with the Android Compatibility Definition Document (CDD) and pass the Compatibility Test Suite (CTS)..

    Possible values are:

    • No
    • Yes
    • Unknown

    Devices that are GMS certified tend to be less vulnerable. For example, they are more secure than uncertified devices, less susceptible to malware, and more likely to be up-to-date. For more information about GMS and Android compatibility, refer to https://source.android.com/compatibility/.

    Use GMS certified devices only

    ROM Type

    Indicates whether a custom ROM is detected on the device

    Possible values are:

    • Custom
    • OEM
    • Unknown

    A stock ROM, built by the manufacturer (OEM), is likely to have fewer issues than a custom ROM.

    None

    Bootloader Unlock Available

    Indicates whether the user is able to unlock the device's bootloader

    Possible values are:

    • Yes
    • No
    • Unknown

    Unlocking an Android device's bootloader is the first step to rooting and flashing custom ROMs. A user's ability to unlock the bootloader depends on the device's manufacturer, model, and service carrier.

    None

    Software Security

    ADB Enabled

    Indicates whether the USB debugging setting is enabled on the device

    Possible values are:

    • Yes
    • No
    • Unknown

    Android Debug Bridge (ADB) is a command-line tool, included with Google’s Android SDK, that allows a user to move files, install and uninstall apps, and run scripts by connecting an Android device to a computer. This tool requires that the USB debugging setting is enabled on the device, which increases the risk of malware.

    If the value is Yes, disable the device's USB debugging setting in Developer options.

    Unknown Sources Install

    Indicates whether the Unknown sources setting is enabled on the device

    Possible values are:

    • Yes
    • No
    • Unknown

    The Unknown sources setting controls whether the user can install apps from sources other than the Google Play Store (side loading). When this setting is enabled, the device is more susceptible to malware.

    If the value is Yes, disable the device's Unknown sources setting.

    Google App Verification Level

    Indicates whether the Verify apps via USB setting is enabled on the device

    Possible values are:

    • None
    • Only Google Play
    • All Apps
    • Unknown

    Verify Apps scans apps for malware if the app came from a source other than the Google Play Store.

    If the value is None or Only Google Play, enable the device's Verify apps via USB setting.

    Google App Verification Frequency

    Indicates whether the Scan device for security threats setting is enabled in Verify Apps.

    Possible values are:

    • Install/Update only
    • Install/Update & Scan
    • Unknown

    When the Scan device for security threats setting is enabled, the value in this column is Install/Update & Scan.

    App verification occurs when an app is installed or updated, but Verify Apps can be configured to also scan apps periodically. Periodic scanning is recommended.

    If the value is Install/Update only, enable the device's Scan device for security threats setting.

    Secondary (Non-Google) Google App Verification

    Indicates whether a third party (non-Google) anti-malware app is detected on the device

    Possible values are:

    • No
    • Yes
    • Unknown

    Android anti-malware software is recommended if the user installs apps from sources other than the Google Play Store.

    If the value is No, consider installing an anti-malware application on the device.

    Access Security

    Lock Screen Protection

    Indicates whether a password, PIN, pattern, or fingerprint is required to unlock the device

    Possible values are:

    • No
    • Yes
    • Unknown

    If a device's Screen lock setting is set to Swipe or None, the device is more susceptible to unauthorized access.

    If the value is No, update the device's Screen lock setting to a password, PIN, pattern, or fingerprint.

    Screen Timeout Lock

    The number of seconds or minutes that can elapse before the idle device is locked

    This value maps to the Screen timeout setting.

    When a device has a long timeout period, the risk of someone gaining access to the unlocked and unattended device increases.

    If the value corresponds to a long timeout period, reduce the number of minutes set in the device's Screen timeout setting.

    If the Screen timeout setting is not set, set it.

    Device Encrypted

    Indicates whether the device is encrypted

    Possible values are:

    • No
    • Yes
    • Unknown

    On some devices running Android 5.x or higher, encryption is enabled by default; on others, it needs to be enabled. Encryption is recommended but it may slow performance on some lower-powered devices.

    If the value is No, enable the device's Encryption setting.

    SD Card Encrypted

    Indicates whether the SD card is encrypted

    Possible values are:

    • No
    • Yes
    • Unknown

    By default, removable media, such as SD cards, are not encrypted. Encrypting your SD card guarantees that if the card is removed from the device, it can't be read.

    NOTE  Support for encryption of a removable SD card depends on the card manufacturer.

    If you encrypt the SD card, be aware that the card can’t be used on another device without first decrypting it.

    Device Changes

    Mac Address Change

    Indicates whether the Mac Address has ever changed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A changed Mac address may indicate that the user is trying to hide or change the identity of the device, possibly in the case of fraud, or a lost or stolen device.

    Verify the reason for the change.

    IMEI Change

    Indicates whether the IMEI has ever changed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A changed IMEI may indicate that the user is trying to hide or change the identity of the device, possibly in the case of fraud, or a lost or stolen device.

    Verify the reason for the change.

    IMSI/SIM Card Change

    Indicates whether the IMSI or SIM card has ever changed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A SIM card change may be a valid operation. For example, a user may change their service carrier, or they want to avoid roaming charges.

    However, a SIM change may also indicate the user is trying to hide or change the identity of the device in the case of a lost or stolen device.

    None.

    Factory Data Reset

    Indicates whether a factory reset has ever been performed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A Factory Data Reset restores the device to its factory settings. This action may be a valid operation, or it may indicate that the user is trying to hide or change the identity of the device in the case of a lost or stolen device.

    Verify the reason for the Factory Data Reset.