Troubleshooting Mobile Device Security – CompTIA A+ 220-1102 – 3.5

Our mobile devices need to be a secure store of private and sensitive data. In this video, you’ll learn about developer mode, root access, app spoofing, fake security warnings, and more.

The software that we install on our phones, our tablets, and our computers needs to be trusted. That’s because the software we install on these devices has a great deal of access to our personal files and to the operating system itself.

If you have an Android device, you can install software from any source. You just need the APK file, which stands for the Android Package Kit file. And then you can install that application on your Android device. This is why we always say to never install software on a device, unless you already trust the source.

This is a bit easier with iOS and iPadOS, because anything you would download to those devices is coming directly from the Apple App Store. Apple spends a lot of time testing the apps that go onto the App Store. And they will only allow you to download an app once they’ve curated that software.

For an Android device, it’s best if you download the apps from a trusted App Store like Google Play. You do have the option to download and install APKs from other sources. We refer to that process as sideloading, because you’re not downloading from a trusted App Store.

Our mobile devices support a function that’s primarily used by developers, but it can also be used to help troubleshoot the device. This is developer mode. It allows you access to view information through USB debugging. You can look at memory statistics. And there are settings to run the device in a demo mode.

To be able to use these developer functions and view the log files in an iOS or iPadOS device, you would need to use Xcode, which is software that runs on macOS. To put your Android device in developer mode, you would go into Settings and About Phone. And then you would tap the build number seven times.

One thing you may have noticed when using your mobile phone or your tablet is that you don’t have direct access to the operating system. These devices are purpose built systems. And your access to these devices is through the user interface that they provide as part of the OS. But there are technologists that have found ways to get more access to the operating system of these devices. In Android, we refer to this as rooting. And in Apple iOS, it’s called jailbreaking.

In either of these operating systems, you’re replacing the firmware that would normally be on that device with firmware that’s been modified. That modified firmware now allows you access into the core of the operating system itself. This also means that the security features that are normally enabled on these devices no longer exist. So you can sideload apps without going to an App Store. And if this device is managed by an MDM, performing this jailbreaking or rooting function will remove any of that MDM functionality.

Another concern on these mobile devices is applications that pretend to be one thing, but actually are malicious software. This is called application spoofing. And we had an instance of this in 2021 where Google removed 150 apps from their App Store that were not legitimate applications. Some of these were photo editing, camera filters, games, and other utilities. And one app called UltimaSMS successfully subscribed users to a $40 a month SMS service.

For example, to build applications for iOS or iPadOS, you would use Xcode, which is software provided by Apple. There is a malicious version of Xcode called XcodeGhost that includes malware, and that malware ultimately gets added to whatever application you’re developing.

When you install software, you’re giving it access to your device and to your data. So you want to be sure that whatever you’re installing comes from a trusted source. One thing that might clue you in to a potential security concern is a large amount of data transferred in or out of your mobile device. This may indicate that there’s some malware that’s already installed on your device. Or there may be command and control signals that are being sent from a central source to your mobile device.

Fortunately, many of our mobile operating systems include a series of reports that can tell us exactly what type of network traffic is being used and what application is using that network traffic. You may want to look through those reports to see if one or more applications is using more network traffic than usual.

There are also a number of third-party reporting tools. And as long as you’re downloading them from a trusted source, they can provide you with a wealth of information. And of course, if you ever suspect that there’s malware running on your mobile device, you can simply run a malware scan and see if it happens to find anything obvious.

If you’re using an Android device, it can warn you if it’s using a certain amount of network traffic. This is not a feature available in iOS or iPadOS. On Android, this allows you to set a warning and set a limit. So if there’s an excessive amount of traffic, you may be able to get an early warning that there’s a problem on your system by examining the data usage.

If you receive a warning that you’re using a lot of data on this device, it could be malware that’s causing the problem. So you may want to refer back to that report to see exactly what apps are using the most data. And ultimately, you may want to run a malware scan, just to make sure there’s no malicious software running on your mobile device.

We might also have times when our mobile devices are running slowly or have very sluggish response. And if that’s the case, we may want to restart the device and see if this problem continues after the restart. We could have just run into some buggy code. So updating the operating system or the applications could solve this problem as well.

In some cases, you may be hitting the limits of what this device can do. So you may want to close some of the apps to free up resources for what you’re currently running. And if you think the problem is associated with the software that’s on your device, performing a factory reset would take everything back to an original point. And then you can install the applications you need.

If malware does find its way onto your mobile device, it will try to prevent you from removing it from that device by limiting what sites you can go to on the internet. You may be able to get around this by changing some of your network settings. So disabling and enabling Wi-Fi might allow you access to certain sites.

You might also try restarting the device to clear out the memory and see if you’re able to access those sites after the restart. And ultimately, running a malware scan might be able to give you more insight as to whether this problem is associated with a software bug or if it’s something more malicious.

One way to tell if you’ve got malware on your device is that you’re seeing a lot of ads show up on your screen. This is an easy way for the malware authors to make money by forcing you to watch these ads. Unfortunately, trying to protect your device could inadvertently cause more problems.

In 2019, an app called Ads Blocker for Android made the promise that it would remove all ads from the device. In reality, this was a Trojan horse posing as something that was good, but it was designed to provide you with a lot more ads on your screen. And once users installed this app, they effectively were installing the FakeAdsBlock malware and were getting a lot more ads being shown to them on their mobile device.

Your only choice at that point is to find some anti-malware that can remove that malware and clear all of those ads from showing on your device.

Malware authors are constantly trying to get people to install their software. And one way to do this is scaring them into performing an installation by showing a message on the screen saying that your device is already infected and you need to download their software to be able to remove this infection.

This is obviously a hoax. There is no malware on your system. But these messages seem very legitimate. And it seems like you should be installing additional software to remove them. But in reality, you’re simply installing more malware. Once this malware is on your system, it can request additional access to your data. So it might ultimately be able to see credit card information, text messages, emails, and much more.

If you do happen to see a message like this pop up, do not click the links. And if you do click the links, make sure you run a malware scan to be sure that your system is not infected.

One type of security issue might show itself in applications you use all the time. This might be an application you use very often. But now, it’s suddenly closing unexpectedly. Or it has a number of delays that weren’t normally seen when you’ve used it before. You might also notice that the app itself doesn’t have the features that you remember the app having. This could indicate that the app has been replaced by malware or there’s some other type of software that’s running on your mobile device.

Another odd characteristic might be that you’re getting a lot of battery usage and CPU utilization when running this particular app. This could certainly indicate that the application itself needs a software update. Or it could indicate that there’s malware running on your system. So updating the app and checking for malware would be a good next step to prevent any type of infection.

One of the things you don’t want to have happen is to log on to the internet and suddenly find your personal information has been uploaded to a public website. This happens all too often when someone gains unauthorized access to our mobile devices. One of the first things you should do is try to find the source of all of this leaked data. You might want to scan your applications and run an anti-malware scan on your device to see if there’s additional software running that you weren’t expecting.

If you believe the data breach did occur from your mobile device, then you might want to simply perform a factory reset and delete everything that’s on that phone so that you can restore a known good operating system on the device.

And of course, we do keep a lot of our personal data in different locations. So you want to check your credentials for Apple iCloud, Google Workspace, Microsoft OneDrive, and any other cloud service that might contain that personal information. It could be that the attacker gained access to the copy of your data that’s located in the cloud.