I have discovered by chance that WSA Android can be easily terminated. If you open WSA in Applications Manager and press Enforce Termination WSA terminates then. I had expected a prompt for a password like when you uninstall WSA.
It seems like a security hole, doesn't seem? In this way a malware can easily terminate WSA and penetrate into Android. Nevertheless it might be rather Android limitation/behaviour than a security flaw.
Therefore any comment is appreciated.
Thanks & regards,
Best answer by JimMView original
It's impossible to prohibit the app from ever being shut down (again, that's just how Androids work). However, if you ever come across any app that purposely attempts to shut down Webroot, we'd certainly like to know about it so we can investigate. Please keep in mind though that even if you ever found an app that purposely attempts to shut down Webroot, and even if it did so successfully (which, again, is normal), and even if you didn't see the icon, the service still restarts and is still actually running, regardless of whether or not you see the icon.
ScanService restarts itself including WSA icon. ActiveProtectionService restarts itself but WITHOUT WSA icon. Now if we know that the services restart please make sure that WSA icon restart even if WSA is terminated via Application Manager using Enforced Termination.
Yes, if I kill the both services the active time clock restart itself but not WSA icon in the top left corner of the screen. It is satisfying to see WSA processes restart in the background. However if the icon is missing users can have impression that WSA didn't restart at all. Therefore please find a workaround to restart also WSA icon together with the services and all will be fine.
For instance, if you go into manage services and kill both of the Webroot services, the active-time clock to the right side of the service name merely restarts itself.
Would you please verify you see the same behavior? It initially appeared to me that the service was shut down as well until I observed the active-time clocks. If you don't see the clocks at all, that would also be good information to share please. That could have to do with minor changes between the versions of the Android OS itself. It's possible I see something in my OS that you don't see in yours.
You are protected by the shields and would have to give the app express permission to turn off other applications. Posting the idea is a great place to start. At the rate Android releases operating systems, there might be a way to implement such features in the future.
You can have the best sophisticated protection included/bundled in WSA but there is nothing simplier than to terminate WSA. Since then an Android phone is vulnerable and all state of the art protection is in vain.
Therefore there has to be:
1) a password protection against termination
2) 100% reliable workaround that if WSA is terminated it restarts itself in the shortest possible time
I don't know what is more convenient solution or if there is another one but it needs to be definitelly addressed.
You are correct that this is controlled by Android and if the user wants to manually shut Webroot down through the app manager, they will be able to. However, there are many shields that protect you from this hypothetical situation. The app would have to get through the File Shield, Install Shield, and the Execution Shield if SecureAnywhere was installed on the device. You would also have to give the app in question the permission to terminate other applications through the app manager and in most cases, SecureAnywhere starts right back up again after it is forced closed.