Security Troubleshooting

Dr.Web performs diagnostics of the security of your device and helps resolving the detected problems and vulnerabilities using a special component - Security Auditor. This component is enabled automatically when the application is launched for the first time and after registering the license. The number of the detected problems is displayed on the Security Auditor section of the main application screen.



If no problems or vulnerabilities are detected by Security Auditor in the operation system of your device, the corresponding section is not displayed on the main application screen.


Resolving security problems

To review the list of the detected problems and vulnerabilities (see Figure 19), tap the Security Auditor section on the main application screen.

Click to enlarge

Figure 19. List of security problems detected on the device

Dr.Web detects the following categories of security problems: applications with highest priority of SMS processing, hidden device administrators, vulnerabilities and system settings that affect the device security. To view the detailed information on any detected problem and to resolve it, open one of the categories and tap a problem in the list.

Applications with highest priority of SMS processing

This category contains the list of the applications installed on the device that have the higher priority in SMS processing than Dr.Web. Such applications can block the operation of Dr.Web Anti-theft and SMS filtering, since they are first to process all incoming messages and commands. Sometimes such applications are malicious and may present a threat to the security of your device.

If you notice that the SMS filtering or Dr.Web Anti-theft does not work properly, try to change the priority settings of the applications in the list, if possible. These applications will disappear from the list of security problems. If you are not sure that these applications are totally safe, it is recommended to delete them from the device. To delete an application, tap Delete on the screen with the detailed information on the problem related to this application, or use the standard OS tools.

Hidden device administrators

Applications that are activated as device administrators but not shown on the list of administrators on the corresponding section of the device settings cannot be deleted by means of the operation system. Most likely, such applications are dangerous.

If you don't know why such application is not displayed in the list of device administrators, it is recommended to delete it from the device. To delete an application, tap Delete on the screen with the detailed information on the problem related to this application.

System settings

USB debugging and installing applications from unknown sources are the system settings that affect the security of the device. It is insecure to use conflicting software as well:

USB debugging is intended for developers and allows copying data from PC to the device and vice-versa, installing the applications on the device, viewing their logs and deleting them in some cases. If you are not developer and do not use the debug mode, it is recommended to turn it off. To open the corresponding device settings section, tap Settings on the screen with detailed information on the problem.
Installing applications of unknown origin is the main source of threats. Application downloaded from other source that official market (Google Play) are likely to be unsafe and present a threat to the device security. To mitigate risks of installing the unsafe applications, it is recommended to disable installation of the applications from unknown sources. To open the corresponding device settings section, tap Settings on the screen with detailed information on the problem. It is also recommended to scan for viruses all the applications you install on your device. Make sure that Dr.Web virus databases are up to date before scanning.
Software conflicts. Use of conflicting software, including web browsers that are not compatible with Cloud Checker URL filter, decreases the security level of your device, as it is not protected against the undesirable and malicious web resources. It is recommended to use and to assign as the default browser on your device one of the following browsers: the default Android browser, Google Chrome, Google Chrome Beta, Next, Amazon Silk, Yandex.Browser, Boat Browser or Boat Browser Mini.


Dr.Web detects such vulnerabilities as Master Key (#8219321), Extra Field (#9695860), Name Length Field (#9950697), Fake ID (#13678484), ObjectInputStream Serialization (CVE-2014-7911), PendingIntent (CVE-2014-8609), Android Installer Hijacking, OpenSSLX509Certificate (CVE-2015-3825) and Sragefright in the device system. They allow adding malicious code to some applications, that may result in acquisition of dangerous functions by these applications and damage the device. Dr.Web also detects the Heartbleed vulnerability, that can be used by fraudsters to access the user confidential information.

If one or more of these vulnerabilities are detected on your device, check for operation system updates on the official website of your device manufacturer. Newer versions may have these vulnerabilities fixed. If there are no updates yet, it is recommended to install applications only from trusted sources.

The device may become vulnerable to different types of threats if it is rooted, i.e. the procedure of rooting has been performed to attain control (known as "root access") over the device system. It results in ability to modify and delete system files, that may potentially damage the device. If you rooted your device yourself, it is recommended to rollback the changes for security reasons. If root access is the integral feature of your device or you need it for your everyday tasks, be extremely cautious when installing applications from the unknown sources.