Interest in Android security is at an all time high with the release of Android L and other recent moves to make Android a more secure mobile enterprise operating system. One Android security player you shouldn’t lose sight of is Webroot. I’ve been testing out their cloud-based SecureAnywhere Premier product for about a month now on my Samsung Galaxy Tab 3 recently updated to Android 4.4.2 KitKat. Webroot graciously supplied me with an evaluation version.
Webroot SecureAnywhere Premier scans for threats and malicious behavior, monitors which apps can access your information and drain your battery. It can also remotely locate, lock, and wipe your device if it’s lost or stolen.
Getting Started with Webroot SecureAnywhere Premier
Webroot SecureAnywhere Premier is available as a download from Google Play. There’s a fee-based premier version and a free version. For purposes of this article, I downloaded the free version and upgraded it to Webroot SecureAnywhere Premier with a serial number provided to me by Webroot.
Note: I’ve marked premier only features in the text.
After downloading the app from Google Play, you have the option to login to your existing Webroot account or to setup a new account. The setup is standard stuff except less experienced Android users who tap on the About button instead of might find themselves stuck on the About screen for the app. You need to setup an account in order to login to the SecureAnywhere web portal.
Activating Device Administration happens after you setup your Webroot account. The Activate device administrator dialog box is well designed and clearly written.
SecureAnywhere is set it and forget it – a must have and necessary option for mobile users of all technical abilities. Goof proofing mobile security for users as much as possible is a must have in my “mobile security book”.
Setting up security options
Setting up security was well thought out. I chose the PIN option for security. While the initial scan of my Galaxy Tab showed no problems detected (Then again this tablet doesn’t get out much). The Security screen is a bit bare bones and while that’s cool for most Android users, more novice Android users could benefit with a bit more information about the Antivirus and Secure Web Browsing options.
Securing identity and privacy
The Identity and Privacy options include Lost Device Protection and an App Inspector which sees what information your apps have access to on your device. When you first open the Identity & Privacy screen, you’ll be prompted that there are items that need your attention. The below figure shows an example of the Identity and Privacy screen:
Lost device protection
While Webroot SecureAnywhere lost device protection features are flirting with mobile device management (MDM) and enterprise mobility management (EMM), that’s not necessarily a bad thing and makes Webroot Security Anywhere attractive for small to medium businesses (SMBs), freelancers, and contractors seeking a reliable and cost effective cloud-based Android security solution. It includes the following lost device features:
- Lock Android device if it’s lost or stolen
- Locate Android device via the device’s GPS
- Sound an alert (Webroot calls this “scream”) to help you find your device nearby
- Erase your data from the device if lost or stolen (Premier feature only)
- Lock your device automatically if someone removes the SIM card (Premier feature only)
When I tapped on Lost Device Protection, I could see that Device Protection was already set to ON. I turned on Password Protection to protect my device’s uninstall and device administrator settings. The below figure shows an example of the Lost Device Protection screen:
There’s also a Command Log option at the bottom of the screen that provides an audit trail of Lost Device Protection commands that have been received.
The App Inspector (Premier feature) was the most interesting part of the security app for me since some of my past writing around Android and enterprise mobile security has touched upon Android app and network connection concerns. The App Inspector identifies apps which:
- Access messages from SMS and MMS
- Make phone calls for additional costs without notifying you
- Access information from your account that could put you at risk for identity theft
- Track your location via GPS or network
For example, the below figure shows the apps the potentially have access to sensitive information on my device:
You can View battery usage information, and monitor which apps are accessing the network (Premier feature). The Battery Monitor is well designed and easy to read.
The Network Monitor can offer an illuminating picture of which apps are accessing the network. I recommend that users new to Android security or who want to learn more about how their device interacts with the network check this out (especially if you use public Wi-Fi on a frequent basis.) This shows an example of what you see in the Network Monitor:
SecureAnywhere on the Web
With a security question like “Please enter the FOURTH and FIFTH characters of your Security Code (case sensitive)” for login confirmation for the web login, you might get annoyed by logging into the web portal for your account. However, after you login and click on Mobile Security, you have access to a well-designed portal where you can manage the mobile devices on your account and view:
- Security Status
- Lost Device Protection
There’s a lot to like in Webroot Security Anywhere starting with its easy setup and features that can meet the needs of consumer through corporate Android users. The lost device features should be attractive to SMBs and others, who aren’t quite ready to commit to a full-blown MDM/EMM solution.