Ever wonder how secure your mobile device really is? Do you wish there was a way for you to scan your phone for security vulnerabilities (like your PC)? Now there’s an app for that.

Duo Security, a smartphone security firm, recently launched a new mobile app called X-Ray that scans your mobile device for security vulnerabilities and bugs.  If the app detects a security flaw, it will notify the device owner that the software they are running contains unpatched flaws.  The unknown files will automatically be transmitted to Duo’s servers for complete analysis and testing.

If X-Ray determines that a device is vulnerable, Duo Security recommends checking the device settings for official software updates from the carrier; however, if no official update is available, users are urged to contact their wireless carrier about releasing an update.

If left unpatched, these vulnerabilities can potentially be exploited by malicious apps trying to obtain unrestricted access to a device and gain full control.  When it comes to fixes for these vulnerabilities, users are essentially helpless until their carrier issues an update, which typically involves a very slow process.  Once researchers detect a security flaw, it must first be patched by the original developers and added to the Android source code and incorporated into the specific phone firmware by the manufacturer before the wireless carrier can roll out an update to its users.

Slow carrier patching practices are hardly uncommon.  Once carriers sell a mobile device to a consumer, they are under no obligation to keep the device updated, therefore they are in no rush to issue a fix.  Samsung currently takes the cake for the longest delay in patching: they took 316 days to patch the Galaxy Mini smartphone after Google released an Android update.  Motorola on the other hand, issued a patch for the Droid X within 141 days.

Mobile security is becoming an increasingly major concern especially with the amount of sensitive data that each mobile phone contains.  Average users most likely have no idea that these vulnerabilities even exist, or what can be done with them.  Jon Oberheide, chief technology officer and co-founder of Duo Security said, “We hope that X-Ray will raise user awareness about the security of their mobile devices and put pressure on carriers to step up their game when it comes to patching their users’ devices.”

At the moment X-Ray is only available on the Android platform.

What do you think about X-Ray?

This post is categorized in: