Testing Built-In Mobile Device Platform Security Functions

An array of security features are built into the smart phones and tablets we carry in our pockets. Often we take these built-in security functions for granted, expecting them to work properly when needed (e.g., remote wipe, SD card encryption, etc.). But do they work?

ICSA Labs platform security testing of smart phones and tablets reveals that more than a few security functions do not work as they should in the vast majority of mobile devices. In 2015 alone, ICSA Labs uncovered 161 security-related shortcomings in the devices it tested. In fact, as of late 2015, only a single device has ever passed on its first time through testing. 

What Gets Tested?

What gets tested are many of the platform security protections built into Android, Blackberry, and Windows smart phones and tablets. The testing is comprised of test cases that correspond to over twenty built-in, platform security protections, including the following:

  • Root Detection
  • Secure Boot
  • Authentication
  • Data Encryption
  • Local/Auto Wipe
  • Device Lock
  • Remote Wipe

Who Are Our Customers?

For the last several years, ICSA Labs has performed this testing on behalf of mobile network carriers and mobile device manufacturers. Thus, the mobile network carriers that provide cellular network service to users and who often resell the same mobile devices register with ICSA Labs for testing.  ICSA Labs also tests the platform security functions built into devices for proactive, security-minded mobile device manufacturers - the makers of smart phones and tablets. Both device makers and cellular network carriers have a vested interest in ensuring the security protections in smart phones and tablets work properly for their own customers.