Using the Mobile Security apps
Device
In the dashboard, the Device tile displays the current state of the device itself. Examples of threats that show up in this category include:
App Tampering
Device Jailbroken / Rooted
File System Changed
Selecting this category navigates to the Device page. Critical events or risks display issue items with details and Yes/No values. The GravityZone MTD uses color codes to indicate issue severity. Title bar turns red when a critical threat is detected according to the Threat Policy.
Yellow bar = risk detected
Green bar = no risks/threats detected.
If any detections are set to Yes, tap the down arrow for recommendations and additional item information.
If you press Fix, a screen with details and resolution displays.
Threat Zones
Travelers often connect to Wi-Fi networks for internet access. Open Wi-Fi networks can be traps for attackers who exploit victims seeking access to gain their information.
Threat zones indicate high-risk networks to avoid. These are known as Danger Zones. To select a network, access the app and click on Threat Zones.
Admin can customize Threat Zones tile display and alerts for threat zone functionality. Alert text settings are configured in the Policy page, like other threat management settings. The user can mark a network as trusted on their device to avoid future prompts.
Threat Zone Map
The feature displays a map that is initially based on the user's location. The presented map displays red markers that indicate the presence of nearby high-risk networks. The red icons displaying numerical values indicate the quantity of identified threats on access points that are deemed high-risk. The zoom in and out functionality can be accessed by performing a two-finger gesture on the screen.
Pressing an icon dives deeper into the location chosen, and eventually to the SSID for nearby or unsecured Wi-Fi networks.
Mobile Security web threat protection
The GravityZone MTD system performs a check for phishing links and has the capability to activate or deactivate VPN connections based on the policy settings configured on the Mobile Security console.
The system employs web content filtering to alert and safeguard users against accessing potentially hazardous websites and links, including malware, phishing, botnets, and suspected domains.
The GravityZone MTD offers users options to safeguard themselves against hazardous phishing links through SMS/MMS protection and the Safari browser on iOS, without requiring the VPN to be configured.
It is possible to define a fresh action for content filtering categories, which involves preventing access and potentially generating a notification. The Web tile in the dashboard exhibits the current state of threat detection, which is represented by the colors red, yellow, or green. Selecting this tile will navigate to the Web interface.
If you press the Report button, a Site Scan report displays. This report shows the number of sites that are blocked and their URLs, along with the number of safe sites and sites scanned.
If a threat is detected the following screen will be displayed.
When you click on the threat, the following screen displays. If the administrator sets a site to alert the user instead of blocking that site, options to Continue Anyway and Mark this site as “Trusted” appear for the user to select if they choose to bypass the warnings in the future.
Phishing and Content policy
The phishing and web content filtering policy enables an administrator to establish measures for safeguarding users against accessing potentially harmful websites and links. These may include malware, phishing, botnets, and suspected domains that contain risky content.
You can specify a new content filtering category action to block and optionally create an alert.
Actions that can be set include:
Alert the user giving a warning.
Alert the user giving a warning and create a threat.
Block the site.
Block the site and create a threat.
Block the site and do not create a threat.
The GravityZone MTD offers website categorization to users who receive alerts or perform safety checks on websites. This feature is contingent on the administrator's activation of content filtering and provides information on the website's category, such as gambling or illegal drugs. This guidance provides the user with instructions on how to determine the appropriate course of action to take.
When a specific website category or URL is determined to be harmful, it is blocked. An alert displays when a site is accessed from the browser, which includes the site and category.
Checking for phishing risk
When you press the Web dashboard tile, the screen shows the protection available for insecure (HTTP) connections. To check a link for phishing risk, you can:
Type or paste a copied link.
Press the QR code icon and scan a QR code. You will be prompted to allow the GravityZone MTD to use the camera.
Additional phishing protection with iOS
The GravityZone MTD offers alternative methods for continuously protecting you from malicious and risky links that are either displayed by the Safari browser or contained in SMS/MMS messages.
Protection When Running the iOS Safari Browser - The GravityZone MTD enables the expansion of anti-phishing and web content filtering capabilities to the Safari browser on iOS mobile devices. It can install a Safari extension provided that the administrator has enabled this functionality. The extension can be enabled manually to grant the required permissions for it to operate on browser pages. To utilize this feature, it is necessary to have either the Phishing Protection policy or the Enhanced Phishing Protection plus Web Content Filtering policy enabled in console. The feature does not necessitate the VPN Link Verification permission.
Protection from Risky Links in iOS SMS/MMS Messages - The GravityZone MTD enables anti-phishing for the Messages app on iOS mobile devices. This feature offers an alternate way to protect MTD users from harmful links in SMS and MMS messages.
This feature blocks risky SMS links in Messages app and displays all blocked messages in a separate folder.
Enabling SMS message filtering moves risky messages to a separate folder in the Messages app. This feature enhances protection against risky and malicious links.
Additional phishing protection with Android
Protection from Risky Links in Android SMS/MMS Messages - The GravityZone MTD enables anti-phishing for the Messages app on Android mobile devices. This feature protects GravityZone MTD users from clicking malicious links in SMS and MMS messages on their device.
Enable the feature in the Mobile Security console in Phishing or Web Content Filtering policy and obtain the user's permission in Android for detecting risky links in messages. This feature identifies and notifies users of potentially harmful links in SMS/MMS messages within the Messages app prior to user interaction. Threat details include message phone number with risky link.
Enabling Link Verification - If enabled by the administrator, the user is able to toggle Enable Link Verification on and off as shown in this figure.
If the link is risky, the app displays a screen indicating the status, along with details, resolution, site, and category. You can enable the Mark this site as Trusted to bypass this warning and proceed to the site without being alerted again.
VPN Protection - In order to activate Link Verification on the device, it is necessary to grant permission to the GravityZone MTD to include the local VPN on the device.
The local Virtual Private Network (VPN) serves the purpose of identifying and obstructing potentially hazardous hyperlinks on the device. The local VPN has the capability to tunnel unsecured Wi-Fi traffic when it is properly configured within the Mobile Security console policy.
After the successful establishment of the VPN configuration on the device, a notification will be presented to the user whenever the device detects an endeavour to connect to an unsecured Wi-Fi network. The app system facilitates the automatic establishment of a secure Virtual Private Network (VPN) connection between the device and the network. This VPN connection encapsulates and transmits potentially vulnerable (HTTP) traffic over the unsecured Wi-Fi network.
If you toggle Enable Link Verification on, a popup displays.
The following message displays as confirmation that link verification is enabled.
GravityZone MTD threat protection
The GravityZone MTD scans specific categories for threats to your security. These categories are displayed in tiles on the dashboard:
Apps
The Apps tile in the dashboard presents the current status of the system. Selecting this tile will navigate the user to the Apps interface.
The status is indicated by the colors green, yellow, or red.
Green signifies that no threats have been detected.
Yellow indicates the detection of risks.
Red indicates the detection of threats.
If a risky app is found, the screen provides the user with information on the application and a recommendation on how to proceed.
Categories for risky apps include:
Suspicious apps are installed and are high risk. They have the potential to compromise the device.
Sideloaded apps were installed outside of the Google Play Store or App Store. They have not been officially validated and are considered risky.
Out of Compliance (OOC) apps, which have characteristics that do not comply with the organization’s privacy and security policies.
Note
iOS will only provide access to the apps if the app is used with an MDM.
Application scanning
The GravityZone MTD automatically scans the device for risky apps when it is initially installed. Apps are also scanned when they are downloaded and installed.
Searching apps to determine risk
Users can search for an app from a comprehensive database to ensure its safety before installing it on their device. The application's privacy and security rating is presented in a concise format, allowing users to assess whether it may pose a risk to their device. The app risk report for currently installed apps can be viewed on Android devices. Non-English language searches are also supported.
The App Risk Lookup feature must be activated from the Mobile Security console, by following the steps below:
Go to your Mobile Security console.
Go to the Manage section.
In General allow the App Risk Lookup feature.
Access the Apps tile and follow these steps to search for an app risk report:
Press App Look Up on the Apps tile.
Search for an app name.
Tap the app name to view the privacy and security risk report for the app.
For your Android device follow these steps to view the app risk report for your installed apps:
Press Installed Apps on the Apps tile.
Search for and select an app.
Tap the app name to view the privacy and security risk report for the app.
Difference for allow-listed apps on the Mobile Security console
Find out how the apps that are allow-listed in Mobile Security console show up in the App Store Search view.
Android
For apps installed on the device, the app is flagged as Trusted App and the message App name has been reviewed by your company and is approved for you to use is displayed.
For apps from Play Store, the GravityZone MTD does not look for apps that are allowed and displays the app risk along with privacy and security risk levels.
iOS
Apps installed on the device cannot be listed/scanned on iOS.
For apps from the App Store, the GravityZone MTD does not look for apps that are allowed and displays the app risk along with privacy and security risk levels.
Network
In the dashboard, the Network tile displays the current state of the network or Wi-Fi connection. Examples of threats that show up in this category include:
Compromised Network
Danger Zone Connected
MITM (Man in the Middle)
Rogue Access Point
SSL/TLS Downgrade
The Title bar changes color when detecting a threat:
Red = critical threat
Yellow = risk detected
Tag tracker
The Android-exclusive functionality provides notification alerts in case of any tracking devices, such as Apple AirTags, are near you. Upon detection of the device, a notification will appear containing the AirTag's identification number, Media Access Control (MAC) address, and initial identification date.
Note
This type of detection requires Bluetooth permission.
The user has the ability to choose the option of activating an audible alert on the tracker, which can assist in locating it. The AirTag can be designated as "trusted" if it is deemed safe, giving you the option to do so.