We get some further questions answered by Simon Roses with regard to the flaws of anti-theft products available on the market as well as relevant security tips.
– Have you encountered spyware or malware inside legitimate anti-theft products?
– None in any of the products we have examined, but it doesn’t mean it couldn’t exist. We did study 40 products but for sure there are many more. The products in the official markets should be free of malware.
– Are you aware of any cases when anti-theft products help tracing the real robber? Do you have any stats on how many devices were returned to owners with the help of anti-theft software?
– It is really hard to find such stats, some anti-theft vendors put out some numbers of success recovered cases to help them with marketing but we cannot guarantee the authenticity of those claims.
– Does it require strong tech skills to steal a phone and not get traced, or anyone can just find several YouTube videos and do it?
– To steal a phone is not hard at all but to break its security requires more skills if the device is secured. We can find all kind of resources – videos, books, etc. – on how to break and secure mobiles.
– Are anti-theft products equally bad among all operating systems or maybe some OS (Android/iOS) offer better anti-theft software?
– All products have common threats, and depending on the platform they can also have specifics threats. It is not about the platform but how well the product was developed.– You found that none of the anti-theft products could really do a secure wipe. It’s a big issue when small and big vendors just fool their customers and do not do what they claim. What do you think?
– We were really surprised to uncover that none of the anti-theft products have secure wipe features; instead they just call the operating system to delete a file or perform a factory reset, so information can be recovered. We think this is a serious issue and anti-theft products are making false claims and charging for it.
– Can you recommend any specific anti-theft solution that is really secure and does what it claims?
– We prefer not to mention any product but I will say that in this case anti-virus products are a bit better, AV from top players mostly.
– Do you know how widely application vulnerability scanners and static code analysis tools are used among mobile software developers? The problem with such tests is they are run during short time periods and not too often whereas attackers have all their time 24/7/365 to hack into anything. What do you think?
– In our experience many software developer houses do not use this kind of security tools at all due to several reasons (lack of resources or trained staff, etc.). In our security application services at VULNEX we help clients to adopt an application assurance program that fits their needs. We help them using this kind of tools and more to develop secure and high quality products.
– Please advise our readers who already installed anti-theft software or other security software on how to use it effectively and securely.
– Well, we will recommend doing a Google search on what others say about the product and search for its vulnerability history. From a user perspective there are several things to do: