Key features of CylancePROTECT Mobile

Feature
Description
Malware detection for Android devices
The CylancePROTECT Mobile app can detect malware on an Android device and direct the user to uninstall malicious apps. The CylancePROTECT Mobile app scans the apps on a user’s device and uploads the app files to the CylancePROTECT cloud services, which use AI and machine learning to analyze the app package and produce a confidence score that they return to the CylancePROTECT Mobile app. The confidence score determines whether the scanned app is safe or potentially malicious.
When the CylancePROTECT services determine that an app is potentially malicious, the app notifies the user and provides further details. The user can tap a fix option in the app to navigate to the device settings and uninstall the malicious app.
An app is uploaded to the CylancePROTECT services if it has a hash that the services have not processed previously. If the device scan finds an app that has been analyzed previously, it uses the confidence score that the CylancePROTECT services have already generated for that unique app hash. Whenever an app has a new hash (for example, for a new version), the app is uploaded to the CylancePROTECT services for analysis and scoring (if it has not already been uploaded from another device).
Sideload detection for iOS and Android devices
Sideloaded apps don’t follow the same restrictions or protections as apps distributed through official app stores. The CylancePROTECT Mobile app can detect the presence of a sideloaded app on a user’s device, alert the user, and guide the user to uninstall it.
On iOS, the CylancePROTECT Mobile app can detect only sideloaded app developer certificates that the user has chosen to trust in the device settings. A user can't use a sideloaded app unless the app developer certificate has been trusted.
On Android, the CylancePROTECT Mobile app identifies sideloaded apps based on the installation source. The CylancePROTECT cloud services and the CylancePROTECT Mobile app consider official app sources, such as Google Play, the Amazon Appstore, and the Samsung Galaxy Store, to be trusted. Apps that were installed from untrusted sources are considered sideloaded.
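The Android installation-source check described above can be reproduced during a device audit. The following is an added example, not code from CylancePROTECT Mobile: it classifies the output of `adb shell pm list packages -3 -i` against an allowlist of store installers. The installer package names, the sample output, and the function name are assumptions made for illustration, and the product's own trusted list may differ.

```python
import re

# Assumption: installer package names for the stores the page names as trusted.
TRUSTED_INSTALLERS = {
    "com.android.vending": "Google Play",
    "com.amazon.venezia": "Amazon Appstore",
    "com.sec.android.app.samsungapps": "Samsung Galaxy Store",
}

# Constructed sample of `adb shell pm list packages -3 -i` output.
# -3 limits the list to third-party apps, so preinstalled system apps
# (which have no installer of record) are not flagged.
SAMPLE_PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.reader  installer=com.amazon.venezia
package:com.example.watchface  installer=com.sec.android.app.samsungapps
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.android.chrome
package:com.example.tool  installer=com.google.android.packageinstaller
garbage line that is not a package record
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")


def classify_installs(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return (trusted_apps, sideloaded_apps, unparsed_lines)."""
    trusted_apps, sideloaded, unparsed = {}, {}, []
    for raw in pm_output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep for review instead of dropping silently
            continue
        pkg, installer = m["pkg"], m["installer"]
        if installer in trusted:
            trusted_apps[pkg] = trusted[installer]
        else:
            # "null" means no installer of record (for example, an adb install).
            sideloaded[pkg] = None if installer == "null" else installer
    return trusted_apps, sideloaded, unparsed


if __name__ == "__main__":
    ok, side, bad = classify_installs(SAMPLE_PM_OUTPUT)
    for pkg, src in sorted(side.items()):
        print(f"SIDELOADED {pkg} (installer: {src or 'none recorded'})")
    print(f"{len(ok)} trusted, {len(side)} sideloaded, {len(bad)} unparsed")
```

Apps installed through a browser download or the system package installer carry a real installer name that is not a store, so the check compares against the allowlist and does not look only for a missing installer.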
Scanning URLs in SMS text messages on iOS devices
CylancePROTECT Mobile can warn users of potentially malicious URLs in SMS text messages.
New incoming text messages from known contacts are automatically considered to be safe and only messages from unknown senders are scanned and assessed. When a user receives an SMS text message that contains a URL, the CylancePROTECT Mobile app sends the entire message to the CylancePROTECT cloud services in real time. The CylancePROTECT services use advanced machine-learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the message. When an unsafe URL in a text message is detected, the message is filtered to the junk folder.
To protect user privacy, only messages that contain URLs are assessed. No additional metadata or user identifiers are collected or stored.
Scanning URLs in SMS text messages on Android devices
CylancePROTECT Mobile can warn users of potentially malicious URLs in SMS text messages.
When a user receives an SMS text message that contains a URL, the unaltered URL is sent to the CylancePROTECT cloud services in real time. SMS scanning is limited to the default SMS app on the device. New incoming text messages from known contacts and unknown senders are scanned and assessed.
The CylancePROTECT services use advanced machine-learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the URL. If a URL is determined to be unsafe, the CylancePROTECT Mobile app alerts the user, provides details, and guides the user to delete the text message.
To protect user privacy, only messages that contain URLs are assessed. No additional metadata or user identifiers are collected or stored.
Unsafe network and insecure Wi-Fi checks
CylancePROTECT Mobile defends against the following network threats:
  • Unsafe network connections: On iOS and Android devices, the CylancePROTECT Mobile app will periodically try to connect to the CylancePROTECT cloud services. If the connection is not successful, CylancePROTECT Mobile determines that the network is not safe.
  • Insecure Wi-Fi access points: On Android devices, the CylancePROTECT Mobile app periodically checks the properties of the current Wi-Fi access point to determine if it is secure. You can configure which Wi-Fi access algorithms your organization considers secure and insecure.
When the CylancePROTECT Mobile app detects an unsafe network or insecure Wi-Fi access point, it is reported in the app and in the management console.
Device security checks
The CylancePROTECT Mobile app checks specific device conditions and security settings and notifies the user about potential vulnerabilities to cyber threats. The app checks the following:
  • Whether developer mode is enabled (Android only)
  • Whether disk encryption is enabled (Android only)
  • Whether a screen lock is enabled (for example, a password or fingerprint)
  • Whether the device is rooted or jailbroken
  • Whether the device is running an OS version that you do not want to support
  • Whether the device model is one that you do not want to support
If the app detects a vulnerability, it indicates the potential risk level and provides guidance for the user to resolve the issue.
Attestation checks
The CylancePROTECT cloud services can regularly perform attestation checks to verify the integrity and security of the CylancePROTECT Mobile app on each user’s device.
On Android devices, the CylancePROTECT cloud services use Play Integrity attestation, SafetyNet attestation, and hardware certificate attestation to validate the CylancePROTECT Mobile app. Play Integrity attestation replaces SafetyNet attestation. Older versions of the app will continue to support SafetyNet attestation until Google removes support. Attestation checks occur daily. You can also enforce a minimum security patch level on devices. If the app detects that the device does not meet the required patch level, it can alert the user to check for updates.
On iOS devices, the CylancePROTECT cloud services check the integrity of the app using the Apple DeviceCheck framework. Integrity checks occur daily.
On Samsung devices, the CylancePROTECT cloud services can also use Samsung Knox Enhanced Attestation at regular intervals to validate the integrity of devices. Knox Enhanced Attestation is hardware-based and can detect device tampering, rooting, OEM unlock, and IMEI or serial number falsification, in addition to performing app health checks.
If an attestation failure occurs, administrators can view details in the management console.
Integration with MDM solutions
You can connect Cylance Endpoint Security to Microsoft Intune so that Cylance Endpoint Security can report a device risk level to Intune. The device risk level is calculated based on the detection of mobile threats by the CylancePROTECT Mobile app on Intune managed devices. Intune can execute mitigation actions based on the device risk level.
Usability features of the CylancePROTECT Mobile app
For each feature that you choose to enable in the CylancePROTECT Mobile app, you can choose to notify users of threats using device notifications, email messages, or no notifications (users can view threat alerts in the CylancePROTECT Mobile app).
The CylancePROTECT Mobile app for Android version 2.3.0.1640 and later notifies the user when a new version of the app is available in Google Play. After 30 days, the app will download the update automatically and prompt the user to complete the update and restart the app. After 60 days, the user cannot use the app until they respond to the upgrade prompt.
The CylancePROTECT Mobile app for iOS supports automatic updates from the App Store.