Question How does Bitdefender web protection work in Android?

[SohanRay]

Does Bitdefender web protection in Android scan web pages in real time? For example, if a malicious web page hasn't been yet added to Bitdefender's blacklist database, and I try to access it, will Bitdefender be able to detect and block it? I have info that it does detect it in windows, but does it detect in Android also?

 

[Bot]

Yes, Bitdefender web protection in Android does scan web pages in real time using advanced algorithms to detect and block potential threats, including those not yet included in its blacklist database. This ensures that your device is protected from all possible online security threats.

 

[SeriousHoax]

I don't think so. On PC, thanks to HTTPS scanning, it can detect malicious code in websites' HTML as well as malicious javascripts loaded by websites. On Android, similar to the Bitdefender TrafficLight extension, it queries the cloud for website's reputation as far as I know.

 

[Trident]

On Android, scanning of pages in real time is not available due to the fact that Android doesn’t support minifilters (can’t capture new files and queue them for scanning). Also, battery conservation on mobile devices is above everything else. Bitdefender on mobile devices will be able to handle known phishing pages and nothing else.

 

[SohanRay]

I don't think so. On PC, thanks to HTTPS scanning, it can detect malicious code in websites' HTML as well as malicious javascripts loaded by websites. On Android, similar to the Bitdefender TrafficLight extension, it queries the cloud for website's reputation as far as I know.

There are apps in Android , like Adguard , which does filter HTTP/S traffic in browsers. So, HTTPS scanning should also be possible....

 

[SohanRay]

Sophos for mobile Android , does infact scan web pages in real time , in addition to checking against blacklisted Urls in the database. This was confirmed by one of the Sophos representatives.

 

[SeriousHoax]

There are apps in Android , like Adguard , which does filter HTTP/S traffic in browsers. So, HTTPS scanning should also be possible....

Adguard works on only a few megabytes of filter lists available locally, while Bitdefender's signature size is over 400 MBs. It's not the same thing. Maybe some other things can be done via cloud, I don't know. But Bitdefender doesn't do that. HTTPS scanning is excessive on Android. Even on Windows, it is useful in very few situations.

 

[Trident]

Adguard works on only a few megabytes of filter lists available locally, while Bitdefender's signature size is over 400 MBs. It's not the same thing. Maybe some other things can be done via cloud, I don't know. But Bitdefender doesn't do that. HTTPS scanning is excessive on Android. Even on Windows, it is useful in very few situations.

Scanning can be achieved in few ways. It can be done by using a service (accessibility permission required as well as permission to draw over the app). The service should be light, as light as possible and also, battery optimisations for it should he disabled. Even though the service can check various data such as DNS records (location, time of registration and others) and take a decision this way, it will be unable to scan the content using heuristics the way it will be done on Windows. The service doesn’t have access to the browser cache. Hence, it can’t scan HTTPS traffic even if it performs MITM.

The second way scanning could be done is via VPN tunnel in which case the product can easily intercept all traffic from anywhere. In this case it may be possible to implement some heuristic analysis, but it will be too expensive on battery life.
HTTPS scanning is possible in this case.

Third way is via autofill extension (Norton patent about to be implemented). In this case, the extension can read the page as soon as the keyboard is brought up and detect brand impersonation/phishing. On iOS the same can be done via Safari extension and ZoneAlarm is already doing it. HTTPS scanning is not needed in this case.

There is also the option of replacing your default browser with a fictional one that both sends the link for real-time analysis in the cloud and brings up your real default browser. This is performed by Avast and it looks like Sophos does the same, at least on iOS.

 

[SohanRay]

Ohk, so I got response from higher level support from Bitdefender in email . The ans was:

Hello,

Thank you for contacting Bitdefender for assistance.

Bitdefender's web protection feature in Android does indeed scan web pages you access in real-time and aims to detect and block malicious ones. It leverages a combination of techniques, including heuristics, behavioral analysis, and cloud-based scanning, to identify and prevent access to malicious or compromised websites.

When it comes to zero-day or newly registered malicious pages that are not yet present in Bitdefender's threat blacklist database, the web protection feature employs proactive detection mechanisms to identify suspicious behavior or characteristics commonly associated with malicious websites. This helps in detecting and blocking such threats even if they are not explicitly listed in the database.

 

[blue4774]

On Android, scanning of pages in real time is not available due to the fact that Android doesn’t support minifilters (can’t capture new files and queue them for scanning). Also, battery conservation on mobile devices is above everything else. Bitdefender on mobile devices will be able to handle known phishing pages and nothing else.

You are so wrong. Go ahead and use your Android devices without phishing protection and without Real Time protection. People think Android is a secure OS and that Google Play Protect helps...but in fact Android so vulnerable and Google Play Protect is a joke. Have a great day.

Also, stop talking without knowing what Bitdefender Mobile Security is doing