Getting to Know the Symantec Mobile Security 7.2 Client
...Or, "The Illustrated Guide to the Padlock in Your Pocket."
Hey! That Looks Cool! I want one of those.
The Mobile Security 7.2 app is Symantec's enterprise product for Android smartphones, tablets and other devices. Chances are, your corporate IT administrator will provide you with an email that describes exactly where to download and how to enroll (activate) SMS 7.2. Full details can be found in my first article, Illustrated Guide to Installing Symantec Mobile Security 7.2: read the intro, and then scroll down to the bottom for the stuff that applies to you, the end user.
One important note: you need a security product for your Android not because it looks cool, but because it will help prevent the bad guys from running up your phone bill, tracking your location, reading your text messages, snapping photos without your knowledge, secretly recording audio and all manner of other malicious stuff. See the Security Response blog and mobilesecurity.com for the latest horror stories.
Is This Thing On?
Once installed, Mobile Security is always running, even when the GUI is not open. Check out your Android's Settings, Applications, Manage Applications for details.
Also have a look at Settings, Applications, Running Services. There we are again.
Go ahead and try to stop those services. Uh-huh..... Guess what? Anything that the bad guys throw at Mobile Security will have just as little luck at knocking it down.
Let's Have a Little Look Around.
Once installed, click on the big "Mobile Security" padlock to launch the interface. (The little padlock in the system bar indicates that Mobile Security has identified a suspicious app which needs to be remedied. More on that later.)
There are listings for Anti-Malware, LiveUpdate, Web Protection and Anti-Theft. (Unlike SMS 7.2 on Windows Mobile, there is no Firewall component or Mobile Agent).
The Scan button allows you to kick off a search for malicious apps any time you like. Hopefully your administrator may also have a scan scheduled on the device, which won't need any interaction from you at all. (A scan a week is what I recommend. They usually only take a few minutes and can really help.) Here's what a scan looks like, in progress......
Here's what it looks like when it completes:
And here's one I took when the scan found something malicious (don't worry, it's just a test file from eicar.org.)
Note that Mobile Security puts that little padlock in the system bar when it finds a threat. It will occasionally nag you to remove that threat, if you don't take care of it immediately. (The Android OS prevents automatic removal without user interaction.)
It is also possible to launch a manual LiveUpdate session from the GUI, and switch Web Protection to Off, but that is otherwise about all the GUI can do. Like Symantec AntiVirus for Linux (SAVFL), it works away in the background and has a small GUI.
I Almost Stepped in That
When browsing the Internet with your Android's built-in browser, Mobile Security will keep a watchful eye out for you. If you are going toward a site that is known to contain malicious code or other threats, it will provide a warning:
It is possible to proceed anyway, of course (unblocking the website for 30 minutes). Security is ultimately up to you, not the responsibility of any one tool like SMS 7.2.
What have I Done?
If you want to see what activities Mobile Security has been doing on your Android, open the Mobile Security GUI and click the phone/tablet/device's menu button. Four new options appear.
Clicking Activity will show a list of what actions Mobile Security has been taking. Here's an example....
Most of the items relate to communications with the server (Symantec Management Platform, SMP). If there are a bunch of "Failed to download new policy" errors mixed in with the successes, don't worry. Those mean that the Android was not in touch with the server at that time (Wi-Fi turned off, or perhaps out of range of the office network.) If there are nothing but these errors, then you'd best get in touch with your IT guys!
Those tech support engineers will likely ask you for the information that is on the Settings, Account screen. They'll probably ask you to click the Refresh policies and activity button there, too. That's a good way to check in immediately with the server, rather than wait for the next scheduled synch.
Play around with the GUI a bit. Do feel free to leave comments and questions below! Here is a FAQ of common questions thus far....
Riddle Me This....
Q. Does the Mobile Security client have Auto-Protect like Symantec Endpoint Protection (SEP) client?
A. Nope. Android is a different environment with different rules and needs. Don't worry: Mobile Security will scan everything the instant it tries to install, in addition to scheduled scans and manual scans.
Q. This is my own private Android device, and my company wants me to install Mobile Security in accordance with their BYOD (Bring Your Own Device) policy. Are there any privacy issues I should be concerned about?
A. Not from Symantec. The Android can send anonymous malware detection data to Symantec as part of Community Watch (NCW), but this contains zero PII (Personally Identifiable Information). You can disable even this, if you like (Settings, General). Do ask your company's IT admin about what they have configured Mobile Security to collect and communicate to its server. This product has the capability to collect:
- phone number,
- user email addresses,
- the device's MAC address,
- and with debugging they can view the names of files scanned and URL's evaluated by Web Protection.
Admins can enable or disable the collection of each of those settings, so it all depends on your company's policy.
Q. Is this Mobile Security app going to slow my Android to a crawl, or crash it?
A. While everything that runs consumes some resources, SMS shouldn't have any noticeable performance hit on other apps.
Q. Is this Mobile Security app going to kill my battery?
A. It has been engineered not to. I have been using the product for a year and haven't seen any noticeable decrease. (You shouldn't either, unless you have been playing with the GUI for hours like I have while writing this article.) Go into Settings, About Phone, Battery Use to see what is consuming battery on your phone.
(If you do see Mobile Security consuming a significant amount of resources (for example: I saw one that had Mobile Security at 40% of battery) treat that as an indication of trouble. Investigation determined that this Android was constantly running anti-malware scans that never completed. A new release called SMS 7.2 MR1 hot fix 3 was released to fix that rare issue. As soon as the Android was upgraded to this hot fix, the battery problem was solved. Mobile Security 7.2 didn't even appear on the list, after that.)