Troubleshooting Mobile Device Security – CompTIA A+ 220-1102 – 3.5

Our mobile devices need to be a secure store of private and sensitive data. In this video, you’ll learn about developer mode, root access, app spoofing, fake security warnings, and more.

The software that we install on our phones, our tablets, and our computers needs to be trusted. That’s because the software we install on these devices has a great deal of access to the operating system, our personal files, and other parts of the operating system itself. If you have an Android device, you can install software from any source. You just need the APK file, which stands for the Android Package Kit file, and then you can install that application on your Android device.

This is why we always say to never install software on a device unless you already trust the source. This is a bit easier with iOS and iPadOS because anything you would download to those devices is coming directly from the Apple App Store. Apple spends a lot of time testing the apps that go onto the App Store, and they will only allow you to download it once they’ve curated that software.

For an Android device, it’s best if you download the apps from a trusted App Store like Google Play. You do have the option to download and install APKs from other sources. We refer to that process as sideloading because you’re not downloading from a trusted App Store.

Our mobile devices support a function that’s primarily used by developers, but it can also be used to help troubleshoot the device. This is developer mode, and it allows you to view information through USB debugging, look at memory statistics, and use settings that run the device in a demo mode. To use these developer functions and view the log files on an iOS or iPadOS device, you would need to use Xcode, which is software that runs in macOS. To put your Android device in developer mode, go to Settings, then About phone, and tap the build number 7 times.
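As an added example (not part of the original video), the sketch below audits an Android device for sideloaded apps by parsing the output of `adb shell pm list packages -3 -i`, which is read over the USB debugging connection that developer mode enables. The trusted-installer list and the sample package names are assumptions constructed for illustration.

```python
import re

# Installer package names treated as trusted stores. Assumption: adjust to
# your own policy; com.android.vending is the Google Play Store.
TRUSTED_INSTALLERS = frozenset({"com.android.vending"})

# One line of `pm list packages -i` output: "package:<name>  installer=<name>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")


def find_sideloaded(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return {package: installer} for apps not installed by a trusted store.

    pm_output is the text printed by `adb shell pm list packages -3 -i`
    (-3 lists third-party apps only, -i adds each package's installer).
    """
    flagged = {}
    for raw in pm_output.splitlines():
        match = LINE_RE.match(raw.strip())
        if match is None:
            continue  # skip blank or unexpected lines
        if match["inst"] not in trusted:
            flagged[match["pkg"]] = match["inst"]
    return flagged


# Constructed sample output, not captured from a real device.
# An installer of "null" or the system package installer usually means the
# APK was installed by hand rather than through a store.
SAMPLE_PM_OUTPUT = """\
package:com.example.banking  installer=com.android.vending
package:com.example.photofilter  installer=null
package:com.example.game  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg, inst in find_sideloaded(SAMPLE_PM_OUTPUT).items():
        print(f"not from a trusted store: {pkg} (installer={inst})")
```

Apps flagged this way are not necessarily malicious, but each one is software whose source should be confirmed before it stays on the device.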

One thing you may have noticed when using your mobile phone or your tablet is that you don’t have direct access to the operating system. These devices are purpose-built systems, and your access to these devices is through the user interface that they provide as part of the OS. But there are technologists that have found ways to get more access to the operating system of these devices. In Android, we refer to this as rooting. In Apple iOS, it’s called jailbreaking.

In either of these operating systems, you’re replacing the firmware that would normally be on that device with firmware that’s been modified. That modified firmware now allows you access into the core of the operating system itself. This also means that the security features that are normally enabled on these devices no longer exist. So you can sideload apps without going to an App Store, and if this device is managed by an MDM, performing this jailbreaking or rooting function will remove any of that MDM functionality.

Another concern on these mobile devices is applications that pretend to be one thing but are actually malicious software. This is called application spoofing. We had an instance of this in 2021, when Google removed 150 apps from their App Store that were not legitimate applications. Some of these were photo editing, camera filters, games, and other utilities. And one app called Ultimate SMS successfully subscribed users to a $40 a month SMS service.

For example, to build applications for iOS or iPadOS, you would use Xcode, which is software provided by Apple. There is a malicious version of Xcode called XcodeGhost that includes malware, and that malware ultimately gets added to whatever application you’re developing. When you install software, you’re giving it access to your device and to your data. So you want to be sure that whatever you’re installing comes from a trusted source.

One thing that might clue you in to a potential security concern is a large amount of data transferred in or out of your mobile device. This may indicate that there’s some malware that’s already installed on your device, or there may be command and control signals that are being sent from a central source to your mobile device. Fortunately, many of our mobile operating systems include a series of reports that can tell us exactly what type of network traffic is being used and what application is using that network traffic.

You may want to look through those reports to see if one or more applications is using more network traffic than usual. There are also a number of third party reporting tools. And as long as you’re downloading them from a trusted source, they can provide you with a wealth of information. And of course, if you ever suspect that there’s malware running on your mobile device, you can simply run a malware scan and see if it happens to find anything obvious.