Viewing vulnerability details for an Android device

IMPORTANT  Absolute stopped supporting the Absolute agent for Android in February 2022. You can no longer download the Absolute agent for Android. If you are currently using the agent on your Android devices, it will continue to call in to the Absolute Monitoring Center with updated data. However, no new versions of the agent will be released, including updates for bug fixes.

The Android Vulnerability page shows details about the specific data points used to determine an Android device's Overall Vulnerability rating. This page also provides remediation guidelines to help you address the specific vulnerabilities detected on the device.

To view a device's Android Vulnerability page:

  1. Do one of the following:
    • In the results grid of the Android Vulnerability report, click the linked percentage value in a device's Overall Vulnerability (%) column.
    • In the results grid of any report:
      1. Click the Identifier of the Android device that you want to view. The device's Device Details page opens.
      2. Click the Android Vulnerability tab.

    The Android Vulnerability page opens, and the following information about the device shows on the work area toolbar:

    The device's Overall Vulnerability shows under the page title.

    Overall Vulnerability is a calculated value, expressed as a percentage, that represents the exposure to risk posed by the state of the hardware and software detected on an Android device. The higher the percentage value, the greater the vulnerability. The value is color-coded as follows:

    Vulnerability rating | Color | Applies to ...
    High                 | Red   | Percentage values between 51% and 100%
    Medium               | Amber | Percentage values between 18% and 50%
    Low                  | Black | Percentage values below 18%

    The grid on this page shows detailed information about the following data points, which are used to calculate the device's Overall Vulnerability rating.

    Data point | Description | Vulnerability details | Suggested remediation

    Base Security

    Device Rooted

    Indicates whether it is a rooted device. Rooting is a process that enables the user of an Android device to access the Android operating system and make software code changes. This process puts the device at greater risk of damage and security vulnerabilities and is not advisable.

    Possible values are:

    • Yes
    • No
    • Unknown

    Rooted devices are more vulnerable than non-rooted devices.

    If the value is Yes, un-root the device.

    OS Version

    The version number of the operating system

    Older versions of the Android operating system tend to be more vulnerable than newer versions.

    If the device is running Android 5.x or lower, upgrade to a more recent Android version.

    Security Patch Level

    The version number of the most recent security patch detected on the device

    This value is expressed as a date.

    Security patches are released to address security vulnerabilities, or to improve usability or performance. Staying up-to-date with security patches reduces a device's vulnerability. The availability of patches depends on the manufacturer and your service carrier.

    If the patch level is not up-to-date, apply the latest security update.

    GMS Certified Device

    Indicates whether the device is a GMS certified device. Google Mobile Services (GMS) is a collection of popular Google applications and APIs, such as Google Chrome, YouTube, and Google Search. To enable Android device manufacturers to include these apps out-of-the-box, their devices must be certified by Google. To be certified, devices must comply with the Android Compatibility Definition Document (CDD) and pass the Compatibility Test Suite (CTS).

    Possible values are:

    • No
    • Yes
    • Unknown

    Devices that are GMS certified tend to be less vulnerable. For example, they are more secure than uncertified devices, less susceptible to malware, and more likely to be up-to-date. For more information about GMS and Android compatibility, refer to https://source.android.com/compatibility/.

    Use GMS certified devices only

    ROM Type

    Indicates whether a custom ROM is detected on the device

    Possible values are:

    • Custom
    • OEM
    • Unknown

    A stock ROM, built by the manufacturer (OEM), is likely to have fewer issues than a custom ROM.

    None

    Bootloader Unlock Available

    Indicates whether the user is able to unlock the device's bootloader

    Possible values are:

    • Yes
    • No
    • Unknown

    Unlocking an Android device's bootloader is the first step to rooting and flashing custom ROMs. A user's ability to unlock the bootloader depends on the device's manufacturer, model, and service carrier.

    None

    Software Security

    ADB Enabled

    Indicates whether the USB debugging setting is enabled on the device

    Possible values are:

    • Yes
    • No
    • Unknown

    Android Debug Bridge (ADB) is a command-line tool, included with Google’s Android SDK, that allows a user to move files, install and uninstall apps, and run scripts by connecting an Android device to a computer. This tool requires that the USB debugging setting is enabled on the device, which increases the risk of malware.

    If the value is Yes, disable the device's USB debugging setting in Developer options.

    Unknown Sources Install

    Indicates whether the Unknown sources setting is enabled on the device

    Possible values are:

    • Yes
    • No
    • Unknown

    The Unknown sources setting controls whether the user can install apps from sources other than the Google Play Store (side loading). When this setting is enabled, the device is more susceptible to malware.

    If the value is Yes, disable the device's Unknown sources setting.

    Google App Verification Level

    Indicates whether the Verify apps via USB setting is enabled on the device

    Possible values are:

    • None
    • Only Google Play
    • All Apps
    • Unknown

    Verify Apps scans apps for malware if the app came from a source other than the Google Play Store.

    If the value is None or Only Google Play, enable the device's Verify apps via USB setting.

    Google App Verification Frequency

    Indicates whether the Scan device for security threats setting is enabled in Verify Apps.

    Possible values are:

    • Install/Update only
    • Install/Update & Scan
    • Unknown

    When the Scan device for security threats setting is enabled, the value in this column is Install/Update & Scan.

    App verification occurs when an app is installed or updated, but Verify Apps can be configured to also scan apps periodically. Periodic scanning is recommended.

    If the value is Install/Update only, enable the device's Scan device for security threats setting.

    Secondary (Non-Google) Google App Verification

    Indicates whether a third party (non-Google) anti-malware app is detected on the device

    Possible values are:

    • No
    • Yes
    • Unknown

    Android anti-malware software is recommended if the user installs apps from sources other than the Google Play Store.

    If the value is No, consider installing an anti-malware application on the device.

    Access Security

    Lock Screen Protection

    Indicates whether a password, PIN, pattern, or fingerprint is required to unlock the device

    Possible values are:

    • No
    • Yes
    • Unknown

    If a device's Screen lock setting is set to Swipe or None, the device is more susceptible to unauthorized access.

    If the value is No, update the device's Screen lock setting to a password, PIN, pattern, or fingerprint.

    Screen Timeout Lock

    The number of seconds or minutes that can elapse before the idle device is locked

    This value maps to the Screen timeout setting.

    When a device has a long timeout period, the risk of someone gaining access to the unlocked and unattended device increases.

    If the value corresponds to a long timeout period, reduce the number of minutes set in the device's Screen timeout setting.

    If the Screen timeout setting is not set, set it.

    Device Encrypted

    Indicates whether the device is encrypted

    Possible values are:

    • No
    • Yes
    • Unknown

    On some devices running Android 5.x or higher, encryption is enabled by default; on others, it needs to be enabled. Encryption is recommended but it may slow performance on some lower-powered devices.

    If the value is No, enable the device's Encryption setting.

    SD Card Encrypted

    Indicates whether the SD card is encrypted

    Possible values are:

    • No
    • Yes
    • Unknown

    By default, removable media, such as SD cards, are not encrypted. Encrypting your SD card guarantees that if the card is removed from the device, it can't be read.

    NOTE  Support for encryption of a removable SD card depends on the card manufacturer.

    If you encrypt the SD card, be aware that the card can’t be used on another device without first decrypting it.

    Device Changes

    Mac Address Change

    Indicates whether the MAC address has ever changed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A changed MAC address may indicate that the user is trying to hide or change the identity of the device, possibly in the case of fraud, or a lost or stolen device.

    Verify the reason for the change.

    IMEI Change

    Indicates whether the IMEI has ever changed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A changed IMEI may indicate that the user is trying to hide or change the identity of the device, possibly in the case of fraud, or a lost or stolen device.

    Verify the reason for the change.

    IMSI/SIM Card Change

    Indicates whether the IMSI or SIM card has ever changed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A SIM card change may be a valid operation. For example, a user may change their service carrier, or may want to avoid roaming charges.

    However, a SIM change may also indicate the user is trying to hide or change the identity of the device in the case of a lost or stolen device.

    None.

    Factory Data Reset

    Indicates whether a factory reset has ever been performed

    Possible values are:

    • Today
    • <#> Days Ago
    • Never
    • Unknown

    A Factory Data Reset restores the device to its factory settings. This action may be a valid operation, or it may indicate that the user is trying to hide or change the identity of the device in the case of a lost or stolen device.

    Verify the reason for the Factory Data Reset.
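The remediation column above, applied to one device record, as an added example (not Absolute's code). The dictionary keys reuse the grid's data point names, but the record format is an assumption, since the page does not describe an export format; only data points with an explicit trigger value on the page are covered, and Unknown values are reported separately rather than treated as safe.

```python
import re

# Trigger values and suggested remediation, worded as in the grid above.
VALUE_RULES = {
    "Device Rooted": ({"Yes"}, "Un-root the device."),
    "ADB Enabled": ({"Yes"}, "Disable USB debugging in Developer options."),
    "Unknown Sources Install": ({"Yes"}, "Disable the Unknown sources setting."),
    "Google App Verification Level": ({"None", "Only Google Play"}, "Enable the Verify apps via USB setting."),
    "Google App Verification Frequency": ({"Install/Update only"}, "Enable the Scan device for security threats setting."),
    "Secondary (Non-Google) Google App Verification": ({"No"}, "Consider installing an anti-malware application."),
    "Lock Screen Protection": ({"No"}, "Set Screen lock to a password, PIN, pattern, or fingerprint."),
    "Device Encrypted": ({"No"}, "Enable the Encryption setting."),
}
# Data points whose remediation is to verify the reason for the change.
CHANGE_POINTS = ("Mac Address Change", "IMEI Change", "Factory Data Reset")
# Constructed sample record (hypothetical format, not real device data).
SAMPLE = {"Device Rooted": "No", "OS Version": "5.1.1", "ADB Enabled": "Yes",
          "Device Encrypted": "Unknown", "IMEI Change": "3 Days Ago",
          "Mac Address Change": "Never"}


def rating(percent):
    """Colour-coded rating; the page leaves 50-51% undefined, treated as High here."""
    if percent < 18:
        return "Low"
    return "Medium" if percent <= 50 else "High"


def triage(record):
    """Return (actions, unknowns) for one device record."""
    actions, unknowns = [], []
    for point, (bad, fix) in VALUE_RULES.items():
        value = record.get(point, "Unknown")
        if value == "Unknown":
            unknowns.append(point)      # not assessed: do not treat as safe
        elif value in bad:
            actions.append(f"{point}: {fix}")
    major = re.match(r"(\d+)", record.get("OS Version", ""))
    if major is None:
        unknowns.append("OS Version")
    elif int(major.group(1)) <= 5:      # Android 5.x or lower
        actions.append("OS Version: Upgrade to a more recent Android version.")
    for point in CHANGE_POINTS:
        value = record.get(point, "Unknown")
        if value == "Unknown":
            unknowns.append(point)
        elif value != "Never":          # "Today" or "<#> Days Ago"
            actions.append(f"{point}: Verify the reason for the change ({value}).")
    return actions, unknowns
```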