Posted by & filed under Announcement.

Dear customer,

In the past 48 hours, we have experienced very heavy traffic, which was double more than our server can afford. This resulted in process delay of servers and many users experienced unsuccessful sign in/up and related problems. We are sorry for the inconvenience and have worked in the problem in the past two days. Now all problems are solved and we apologize again for this accident. Please feel free to contact us if you have any questions in the future at support@trustlook.com. We hope you enjoy using our app and we would like to hear from you. Thanks for your support!

 

Sincerely,

Trustlook Team

 

 

Posted by & filed under News.

Our new widget provides users a quick way to boost device speed, open flashlight, scan virus and check weather information.

Trustlook’s latest version is ready to download now! In this new version of 2.4.3, we have the following updates:

  1. Widget & Floating Point
  2. New SD Card Scan Animation
  3. Add Dialog for you to check after resolved the problem
  4. Several Bug Fixed

Widgets make your phone experience easier, faster and more convenient. Now we have the choices to add one regular widget and one floating widget. Get excited about the new feature and can’t wait to try it immediately? Let’s see how to do!

download-button-orange

 

How to add the regular widget to home screen?

  1. Make sure you have enough home screen space to place Trustlook widget, it only takes 4×1 space (1 row)
  2. Long press and hold until you can choose “Widgets”,  find the name Trustlook Security on the widget pages, and drag it to home screen. (See demo below)
Screen Shot 2014-12-10 at 21.53.49

 

Screen Shot 2014-12-10 at 21.58.19

 

Screen Shot 2014-12-10 at 22.01.16

 

How to add the floating widget?

  1. Open Trustlook Antivirus & Mobile Security
  2. Select side Menu at the up right corner and then select About
  3. On the About page, select Settings, then turn on the Floating Widget  
Screen Shot 2014-12-10 at 22.09.26       Screen Shot 2014-12-10 at 22.10.15

 

4. After turned on the Floating Widget, a blue circle (with white inner) appears and you can touch the circle to show or hide the Floating Widget.

Screen Shot 2014-12-10 at 22.14.25

 

5. Press and hold the circle for 2 seconds to turn off the Floating Widget

Screen Shot 2014-12-10 at 22.16.24

 

Hope you all enjoy using the new widgets! Try it here and feel free to tell us what you think about it so that we can improve and provide better service for you - support@trustlook.com. We’d love to hear from you!

 download-button-orange

 

Posted by & filed under News, Uncategorized.

shutterstock_115938574_Used

 

Trustlook Inc., an innovator in next-generation mobile security solutions, today announced as of Dec 4th, 2014, it has over one million registered users in Google Play Store for its most popular Android application – Trustlook Antivirus & Mobile Security, demonstrating a leading advantage with its unique technology and comprehensive mobile security services. Shortly within one year, Trustlook has become the fasted growing mobile security company which brought in-depth malware detection for smart device users.

Trustlook is dedicate to protect smart devices against malware, virus, spyware, Trojan, and provide comprehensive services for smart device users such as antitheft, data backup/restore, speed boost, web security and privacy protection. It ranked No.1 Security Solution in AV-TEST benchmark testing and has users over the world in 226 countries. The users vary from technical people, business people who want to protect their business privacy to parents who want to protect cyber safety for their children.

“Over the past several months, Trustlook has analyzed 1,458,759 applications. Reaching one million registered users is just a beginning,” said Allan Zhang, CEO of Trustlook. “We are proud that we can provide unrivaled real-time detection for smart device all over the world, compared with traditional mobile security solution providers. It is crucial to raise the awareness of mobile security and we hope more people could protect their mobile privacy in the right way.”

 

We are young but strong, and we cannot make it without you! Like us on Facebook to win a Moto 360 Watch and join us to celebrate!

Posted by & filed under Customer Support.

Photo Oct 11, 15 42 10副本

Based on your valuable feedback, we collected several frequently asked questions with answers for you to better secure your mobile devices!

Some apps are Google Play Store downloads or come with the phone. They should not have risks. Why does Trustlook Antivirus & Security identify them as high-risk apps?

High-risk applications are not applications with virus/malware. Usually they are applications/files that require much permission to access users’ private data without notifying users, or make your devices vulnerable to be attacked. Therefore, we recommend you remove high-risky apps in order to better protect your personal data and privacy.

 

Why does the installation screen display with mixed language?

Currently, Trustlook Antivirus & Mobile Security supports 11 languages:

English, Arabic, German, Spanish, French, Indonesia, Japanese, Korean, Portuguese, Russian, Chinese Simplified & Traditional.

On the installation/open screen, contents are shown in the language you chose to use for your device, while “Decline” and “Accept” buttons are always shown in English. This is because our application can only change the content language while the button language is controlled by Google Play Store.

 

Why does the scan process sometimes take a long time, and sometimes goes quickly?

The scan length varies according to the amount of apps installed in your devices. Usually the first time scan goes slowly because Trustlook Antivirus & Mobile Security needs to go through every app/file in you phone and update with its database. If you scan your devices regularly, the scan process will takes less time.

 

Why Trustlook finds risk apps for me but I cannot uninstall the app/delete the virus?

Sometimes the risky apps/files are system apps/files, which are not allowed to uninstall/delete. Therefore when you click “Remove now” or “Uninstall”, it will say “Uninstall Unsuccessful” or you will see it again if you go back. We recommend going to the device settings and disable certain permission of these system applications to avoid possible privacy leakage.

 

Why Trustlook needs many permission such as camera, audio/video or track my location?

All permissions are required in order to launch security features and monitor real-time activities to report alert and give solutions. In addition, certain permissions are used to support value-added functionalities. For example, it need to have the access to camera/audio in order to take a picture of the person who wrongly entered your password more than 3 times and send you the alert email. You can use alarm to find your phone and Trustlook Antivirus & Mobile Security needs to access your location to tell where the device is. The permissions are all protection needed and your data will be more secure with Trustlook Antivirus & Security.

 

Why Trustlook tells me I have duplicate apps but I cannot see them in the app list?

Some applications split their application into two parts – one application and one system file, and they use the same icon. If they are detected as duplicate applications but not appear in the list, we recommend you ignore them.

 

Why I cannot find the app which is identified as virus?

Trustlook Antivirus & Mobile Security not only scan applications you download from Google Play Store, but also scan system applications/files in order to go through deep detection for your devices. Sometimes the system applications/files are hidden due to default device setting. You can solve the problem by going to the device settings and disable certain permission of these system applications to avoid possible privacy leakage.

 

Does Trustlook still run after I quit the app?

Yes. Trustlook Antivirus & Mobile Security still run after you quit the application. It works at the back with real-time detection and will alert you when new risks are found. You can also call it back through the notification bar.

 

I installed Trustlook Antivirus & Security several months ago, used it regularly to protect my phone and it said my phone is great. However it suddenly says some apps are high risk and need to be removed. Why didn’t it tell me when I scanned before?

Trustlook Antivirus & Mobile Security provides real-time virus/malware detection by updating database frequently. New risks apps appear because they added risky features in their latest version and we detected them and report to you immediately.

 

Why some tasks still exist after I killed them?

Usually they are system tasks/files and they cannot be killed as long as the device is open. Or, if they are downloaded applications, you need to disable its “Run in background” feature in order to terminate it.

 

Did not find the answer you want? Feel free to contact us at support@trustlook.com.

We are happy to solve any questions for you!

 

 

Posted by & filed under Announcement.

Good News!

Based on our unremitting efforts, “Trustlook Antivirus & Security” app is now back on Google Play Store. We are very glad we could quickly solve this problem in 24 hours and continue offering premium protection for your mobile devices.

Thanks for your support and we appreciate your patience in the past day! Please feel free to download/update our app in Google Play Store or on our official Website, or use the following button.

download-button-orange

Posted by & filed under Announcement.

Dear customer,

Yesterday (Nov 11, 2014) at 3:40pm, Google Play notified us our “Trustlook Antivirus & Security” app has violated certain policy and removed the application immediately. Trustlook is a security company dedicated to protect users’ mobile experience. Users’ trust is our bloodline. Instead of exposing violational material, our app empowers users to filter out inappropriate content.

We were shocked by this false claim, and are actively working with Google to get this mistake corrected. We are sorry for the inconvenience and we are appreciate your patience. Please use the button as below to download “Trustlook Antivirus & Security” app. Thanks for your support!

download-button-orange

Posted by & filed under malware, potentially unwanted app.

 

Although Google has a series of security measures to keep malwares from Google play (such as routined scanning), there always malwares that slipped through. And one of our security team’s job is making the Android app market a saver place.

Everyday our behavior analysis platform and static analysis engine could identify hundreds of apps containing malicious behavior, such as steal your privacy, exploit vulnerabilities on your phone, or send unwanted SMS or phone calls. From today on, we will routinely updated with you the latest malwares that Trustlook has discovered on app markets, to show you what are the malwares look like and how they threatening your security.

Business Insider
Package Name: com.freerange360.mpp.businessinsider
Still on Google Play? Yes
Behavior: steal privacy (send the phone number to external server without your approval)
bizinsider1

bizinsider2 bizinsider3

TRIO Publications
Package Name: com.freerange360.mpp.thtrsopu
Still on Google Play? Yes
Behavior: steal privacy
360

3601 3602

Royal Poker
Package Name: com.RoyalP
Still on Google Play? Yes
Behavior: steal privacy
poker

poker1

Phone Book
Package Name: archfoe.phonebook
Still on Google Play? Yes
Behavior: steal privacy

MP3 Cutter
Package Name: com.beka.tools.mp3cutter
Still on Google Play? Yes
Behavior: send SMS on background
mp3

mp31

Smile Theme GO LauncherEX
Package Name: com.gau.go.launcherex.theme.smile
Still on Google Play? No
Behavior: Attempt to use “adb setuid rooting vulnerability” to gain root privilege on your phone. If successful,
golauncher
Although named after the famous “Go Launcher”, it’s a malware developed by 3rd party.

dsploit
Package Name: it.evilsocket.dsploit
Still on Google Play? No
Behavior: Attempt to use CVE-2011-3874 rooting your phone on background.
Named after the hacking tool “dSploit”, it’s developed by totally different people. It IS a hacking tool, but the trigger is not in your hand.

水果爱消除2
Package Name: com.fram.fruit.aixiaochu.ceshi
Still on Google Play? No
Behavior: Attempt to use CVE-2011-3874 rooting your phone on background.

Before you see this article, Trustlook Antivirus can identify all of them.

Posted by & filed under AVTest, News.

Achieving 100% Malware Detection Rate With Zero False Alert And Full Application Usability & Protection Score Of 6.0/6.0

Trustlook ranked No.1 mobile security application in AV-TEST Benchmark testing. With 100% detection rate of a representative set of malicious apps (2186 malware samples used), zero false alert for Legitimate applications from Google Play Store (1946 samples used) and other App Stores (970 samples used), and full performance score of 6.0, Trustlook Mobile Security (http://goo.gl/nLj7DS) ranks No.1 among other 32 Andoid mobile security products.

Untitled

The growing popularity of smart devices bring not only convenience to people’s lives, but also the security risks that come with it. AV-Test’s benchmark testing have raised more awareness of the fact that mobile security applications has become essential to smartphone users. AV-Test’s scoring metric in fields from comprehensiveness of protection and other key features makes it one of the most authoritative standard with which to assess mobile security solutions for individual and enterprise users.

On the one hand, Trustlook’s outstanding performance is due to the relentless pursuit of technology, on the other hand benefited from the continued improvement for user experience, which are both reflected in the AV-Test tests. Besides comprehensive protection integrated with wide range of features including antivirus, data security, anti theft and web security, Trustlook’s quick response to recent severe vulnerabilities also gave users up-to-date solutions to mitigate everyday security risks.

Posted by & filed under News, potentially unwanted app.

You may have encountered the problem that your games and apps – which looks normal – has been identified as “high risk” by Trustlook antivirus. In this case, you need to check if they are genuine version from official Google Play, and upgraded to the newest version. Otherwise, those app might contain minor risk behavior that violates your privacy.

In this blog we’ll take the “Admogo” (http://www.adsmogo.com/) as an example, which is a famous Ads SDK emerged in China. They claimed to have more than 70k apps covered, with 1.1 billion requests per day. However, we found this SDK contains some code that may send your device IMEI number, location and phone number to the 3rd party servers, and might be use for commercial purpose.

Some well-known games and apps are also in the list (e.g. the old version 2.3.1 of “Don’t Tap The White Tile”, which now have 50m+ install on Google Play). They are malwares, but they do contain stealing behavior. To avoid installing these apps, we suggest you to get apps from Google Play, instead of from a less-known app markets or direct APK download.

Here’s some examples:

Package Name Still on Google Play? MD5
com.raesun.lovely.photo.frames No 0AE614389E861C562D77C9FB80A4B669
zhao.peng.you no 0BEE4547BE554C14D204520539264244
com.doirdfunia.photoartdroid no 0E9BAA19BBF60E8EFC41935C46AE5C79
cn.com.lw.fish no 05525E236F4C5EA5F7D7FB142F1BA171
com.doirdeditor.PhotoFunia no 10402A2E17DC14F23194EC414BECAE38
cn.bluesky.fourinalinekids yes
(newest version is clean)
0B8E1DECAC3EFE6FC5BA63D0EB655758
net.tomcoolz.android.livewallpaper no 0DB19A61974D31C5F813C0A4DAB2CB79
com.raesun.lovely.photo.frames no 0AE614389E861C562D77C9FB80A4B669
cn.chinabus.main yes 5CC96B42A91017184D04CD5F972CA2B4
com.umonistudio.tile yes
(newest version is clean)
EC0AA4AED20669BF68305D686CD94606
com.zjsj.chinachess yes
(newest version is clean)
07186A73DAF1ACD4E8DB9BBEC7F2FCD6
com.funny.camera no 0E31A11E26B4F3A0CCC11DB0A9BCE8E0

Screen Shot 2014-10-12 at 7.01.50 PM
Screen Shot 2014-10-12 at 7.02.01 PM

Detailed behavior in Admogo SDK:

Read personal information from your phone:
Get IMei:
Screen Shot 2014-10-10 at 5.53.20 PM

Get Phone Number:
Screen Shot 2014-10-10 at 5.45.07 PM

Get Location:
Screen Shot 2014-10-10 at 5.37.27 PM

Send Out Information:
Screen Shot 2014-10-10 at 5.26.57 PM

Posted by & filed under News, vulnerability, zero-day.

Privacy Disaster is a major vulnerability on Android native browser component on the versions below 4.4. It’s a critical vulnerability because it shaken the foundation of client side web security: the same origin policy. By exploiting this vulnerability, an attacker could bypass the SOP protection and steal sensitive informations such as cookies and login credentials.

Q: How could a hacker exploit it? What’s the consequence?

A: Your Android version must below 4.4 (which occupies more than 75% of market share). If you unfortunately opened a malicious webpage using Android’s native browser or apps’ webview component, the attacker could extract your cookie from another website, which may contain personal data or login credentials. Also, the attacker is able to embed another good webpage in the malicious page, say Paypal, and manipulate the page’s source code to log your username and password when you are logging in.

Those malicious behaviors should never work if the Same Origin Policy mechanism works properly.

Screen Shot 2014-09-22 at 1.27.28 AM

Q: What is Same Origin Policy (SOP)?

A: “Same origin” here means the same domain, same port and same protocol. We can assume 2 pages have same owner if they matches the “same origin”. SOP is a basic client side protection mechanism on almost all browsers: JavaScript from one origin should not be able to access the properties of a website on another origin.

For instance, you own a webpage, and embedded an iframe pointing to an email login page inside the page (in this case, email is the child page, and your page is parent page). Suppose you write some JavaScript in the parent page, can these code manipulate the source code of the child email page? The answer is certainly no, your JS cannot access the page elements – including page source and cookies – from another domain. Otherwise the hacking would be fairly easy, how about modifying some code to post your password to somewhere else? Or open an invisible iframe pointing to a social media website, and then retrieve the cookie from the parent page?

Unfortunately, the nightmares became the reality, as the SOP on Android browser could be bypassed by “Privacy Disaster” vulnerability.

htc

Q: What caused this vulnerability?

A: At first glance of this vulnerably, my reaction is like other security researchers: unbelievable. It’s a so critical mistake in the code: it seems the developer passed a wrong URL variable into the URL security check, and rendered the check meaningless. Here are the 2 major fixes on the AOSP (Android Open Source Project): 1368e05e8875f00e8d2529fe6050d08b55ea4d87 7e4405a7a12750ee27325f065b9825c25b40598c

Q: How do I defend against it?

A: The best way is to upgrade your Android to 4.4, however it’s not doable for everyone. Moreover, the default browser cannot be uninstalled, neither can you evade the webviews that widely used among apps. It’s hard to patch or mitigate, that’s why we say 75% users are “abandoned”. The best suggestion we could give you is to be careful clicking an untrusted URL or installing a suspicious app. Nevertheless, even the URL points to a trusted source, it is possible that a network attacker hijacks the traffic and redirect your HTTP requests to a malicious source.

Trustlook is still working on the solution via 3rd party security softwares. We’ll keep you updated.