Solved

Enforce termination of WSA Android

  • 3 November 2012
  • 10 replies
  • 69 views

Userlevel 7
Hello,
 
I have discovered by chance that WSA Android can be easily terminated. If you open WSA in Applications Manager and press Enforce Termination WSA terminates then. I had expected a prompt for a password like when you uninstall WSA.
 
It seems like a security hole, doesn't seem? In this way a malware can easily terminate WSA and penetrate into Android. Nevertheless it might be rather Android limitation/behaviour than a security flaw.
 
Therefore any comment is appreciated.
 
Thanks & regards,
pegas
icon

Best answer by JimM 8 November 2012, 22:59

View original

10 replies

Userlevel 7
Great questions pegas.
 
You are correct that this is controlled by Android and if the user wants to manually shut Webroot down through the app manager, they will be able to. However, there are many shields that protect you from this hypothetical situation. The app would have to get through the File Shield, Install Shield, and the Execution Shield if SecureAnywhere was installed on the device. You would also have to give the app in question the permission to terminate other applications through the app manager and in most cases, SecureAnywhere starts right back up again after it is forced closed.
Userlevel 7
@ wrote:
SecureAnywhere starts right back up again after it is forced closed.
No Mike, not at least in my case. If I terminate WSA it stays closed/terminated until I open either WSA application or Backup&Sync what indeed makes a security hole.

You can have the best sophisticated protection included/bundled in WSA but there is nothing simplier than to terminate WSA. Since then an Android phone is vulnerable and all state of the art protection is in vain.

Therefore there has to be:

1) a password protection against termination

or

2) 100% reliable workaround that if WSA is terminated it restarts itself in the shortest possible time

I don't know what is more convenient solution or if there is another one but it needs to be definitelly addressed.
Userlevel 7
I will give your idea a kudos if you post it in the Ideas Exchange and we may be able to get more feedback and support for the idea, but currently this is a limitation of Android.
 
You are protected by the shields and would have to give the app express permission to turn off other applications. Posting the idea is a great place to start. At the rate Android releases operating systems, there might be a way to implement such features in the future.
Userlevel 7
I attempted to reproduce this behavior, and what I'm noticing is that the service icon is not refreshing 100% of the time, but the service itself is, in fact, still running.

For instance, if you go into manage services and kill both of the Webroot services, the active-time clock to the right side of the service name merely restarts itself.

Would you please verify you see the same behavior? It initially appeared to me that the service was shut down as well until I observed the active-time clocks. If you don't see the clocks at all, that would also be good information to share please. That could have to do with minor changes between the versions of the Android OS itself. It's possible I see something in my OS that you don't see in yours.
Userlevel 7
Hi Jim,

Yes, if I kill the both services the active time clock restart itself but not WSA icon in the top left corner of the screen. It is satisfying to see WSA processes restart in the background. However if the icon is missing users can have impression that WSA didn't restart at all. Therefore please find a workaround to restart also WSA icon together with the services and all will be fine.
Userlevel 7
I'll bring this up in my next meeting with our mobile team. Fortunately, this issue appears to be cosmetic. Nevertheless, we will see what we can do. Good catch!
Userlevel 7
Perfect, please keep us informed. Thx.
Userlevel 7
Jim, just to add ...

ScanService restarts itself including WSA icon. ActiveProtectionService restarts itself but WITHOUT WSA icon. Now if we know that the services restart please make sure that WSA icon restart even if WSA is terminated via Application Manager using Enforced Termination.
Userlevel 7
After speaking with the mobile team, it looks like this is going to be chalked up to OS limitations. However, as I mentioned, this is a purely cosmetic issue. The Webroot services are actually running. It's just unable to get an icon to pop up when you're restarting one of them. The only time you would ever see this happen is by purposely trying to kill a service that restarts itself automatically.

It's impossible to prohibit the app from ever being shut down (again, that's just how Androids work). However, if you ever come across any app that purposely attempts to shut down Webroot, we'd certainly like to know about it so we can investigate. Please keep in mind though that even if you ever found an app that purposely attempts to shut down Webroot, and even if it did so successfully (which, again, is normal), and even if you didn't see the icon, the service still restarts and is still actually running, regardless of whether or not you see the icon.
Userlevel 7
Thx Jim. Perfect. It is pleasant to hear that it is just an aesthetic issue with the missing icon than a real security hole.

Reply