Mobile security - What are you using, if any?

shochanshochan Senior MemberPosts: 866Member ■■■■■■□□□□
Just curious if you have any AV/Security Suite installed on your mobile phone.  If so, what are you running or recommending?  If not, you probably should, unless you put your phone in your faraday bag/pants every time you are not using it.

On Android, I know that they include Lookout security on some versions.  It seemed to do an alright job, but as most of you know the Play Store is always full of malware embedded in their apps, so it is apparent you definitely need it for Android phones.  I have used F-Secure AV security suite, and it runs about $20yr.  

On IOS, I know it didn't come with any AV security on it, but some assume that it is not needed...maybe you should get caught up to speed:  https://www.wired.com/story/ios-attack-watering-hole-project-zero/

On Windows, not sure many of these phones are still out there, but if they are, I would hope you are not just running Defender/MSE as the default AV.  I would recommended getting off this platform completely, just IMO. 

Also, are you still using a phone that no longer gets security updates from Android, IOS, etc?  I was on Samsung 6s Active which had  Android Nougat v7 & hasn't had an update since June 2018, so I had to get off of it.  I have since upgraded my phone and running Android Pie v9 and currently has Aug 2019 security update.

I recall reading an article earlier in the year about how mobile AV products stack up.  I believe it was from this website - pretty interesting results - https://www.av-test.org/en/antivirus/

Cheers & Hi5!
2019 goals -> CySA+ (b4 end of 2019)
"It's not good when it's done, it's done when it's good" ~ Danny Carey

Comments

  • Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIPosts: 363Admin Admin
    Hey, thanks for the heads up! I'm currently running an iPhone XS with auto-updates turned on, so I thought I was safe - evidently that's not the case! I'm wondering if AV apps will help protect my phone from OS vulnerabilities, or if their main purpose is to protect you from downloading malicious apps. I feel like I hear more and more of those "trojan-infested app" stories in the news, so there's certainly a use case regardless of OS effectiveness.

    What has your experience been with F-Secure AV on your phone? Have you gotten any use out of it so far, or has it been more of a peace of mind thing?

    I'm curious to hear others' mobile AV stories as well!
    Community Manager at Infosec!
    Who we are | What we do
  • shochanshochan Senior Member Posts: 866Member ■■■■■■□□□□
    I used F-Secure for about a year and was pretty happy with it...I switched over to Bitdefender to check it out for 30 days to see if I like it or not.  I wasn't impressed with the Win7 client of Bitdefender as it doesn't install w/o errors...I will probably not worry about as I am going to update this particular Win7 laptop with Linux soon.
    2019 goals -> CySA+ (b4 end of 2019)
    "It's not good when it's done, it's done when it's good" ~ Danny Carey
  • cyberguyprcyberguypr Senior Member Posts: 6,833Mod Mod
    Where's my crew who rides their phones with no AV and just uses common sense?
  • Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIPosts: 363Admin Admin
    Where's my crew who rides their phones with no AV and just uses common sense?
    Right here! You could say I like to live life on the edge.
    Community Manager at Infosec!
    Who we are | What we do
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,874Member ■■■■■■■■□□
    As far as Enterprise Mobile security, we run MobileIron. Microsoft's Intune seems to be the way to go if you are a ATP/Azure/0365 cloud based shop though. 
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat (completed),
    Certs: Certified Red Team Professional - Pentester Academy (passed!), Azure Fundamentals AZ-900 (passed!), Azure Security Engineer Associate AZ-500 (in-progress)
  • Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIPosts: 363Admin Admin
    chrisone said:
    As far as Enterprise Mobile security, we run MobileIron. Microsoft's Intune seems to be the way to go if you are a ATP/Azure/0365 cloud based shop though. 
    My old company made the jump from MobileIron to Intune when we migrated to the MS cloud. It was an actual nightmare to get everything squared away, but once we were set up, it went pretty smoothly. That being said, I'd be rich if I had a nickel for every time I overheard a tech say something like, "Oh no, we should've enrolled your device before applying the management policy. Now we have to wipe the phone and start over from the beginning!"
    Community Manager at Infosec!
    Who we are | What we do
  • DZA_DZA_ Untitled. Posts: 393Member ■■■■■□□□□□
    Where's my crew who rides their phones with no AV and just uses common sense?
    I mean, all my activity revolves primary around checking email and browsing TechExams, I don't think I really need mobile AV. 
Sign In or Register to comment.