The security widget shows the security risks faced by your supported devices. If there are risks, it shows the threat level and the cause of the threat, and provides recommendations to secure the device. Use the security widget as one part of a robust device security system.
You can find the security summary in the Device Details section after clicking on the device in Devices & Groups.
Security Criteria
The following are the basis on which security risks are calculated:
Basic Integrity
Basic Integrity gives you a signal about the general integrity of the device and its API.
Rooted devices fail basic integrity, as do emulators, virtual devices, and devices with signs of tampering, such as API hooks.
CtsProfileMatch
CtsProfileMatch gives you a much stricter signal about the compatibility of the device. Only unmodified devices that have been certified by Google can pass the CTS profile match. Devices that will fail CTS profile match include the following:
- Devices that fail basic integrity
- Devices with an unlocked bootloader
- Devices with a custom system image (custom ROM)
- Devices for which the manufacturer didn’t apply for, or pass, Google certification
- Devices with a system image built directly from Android Open Source Program source files
- Devices with a system image distributed as part of a beta or developer preview program (including the Android Beta Program)
Additional information may be provided on CTS profile matches.
Security Patch Version
The last updated security patch version determines if the device is up-to-date on Android security patches.
Calculating the Security Score
Here are a few examples of how we calculate integrity scores:
- If the basic integrity check fails, then the device is a high-risk device.
- If the basic integrity check passes, the console gives a little more weight to its ctsProfile and Security Patch. If both fail, the device is considered medium risk.
- If the basic integrity check passes, the CTS profile match also passes, and the patch version is more than three months old, the device is considered low risk.
Risk classification is based on points. The more checks the device passes, the more points it earns. See the points system:
- 0-5 points → High Risk
- 5-7 points → Medium Risk
- 8-9 points → Low Risk
- 9-10 points → Secure
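The three example rules above can be applied to a fleet export for triage, as in this added example (not the console's own code). It assumes the verdict arrives as a SafetyNet-style compact JWS whose payload carries `basicIntegrity` and `ctsProfileMatch`, that a patch level "fails" when it is more than three months old, and that patch levels use the `YYYY-MM-DD` form; the function names, device names and sample tokens are constructed.

```python
import base64
import json
from datetime import date

def decode_payload(jws):
    """Return the JSON payload of a compact JWS. The signature is NOT verified here."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def patch_is_stale(patch_level, today, months=3):
    """True if the YYYY-MM-DD patch level is more than `months` months old."""
    idx = today.year * 12 + (today.month - 1) - months
    cutoff = date(idx // 12, idx % 12 + 1, min(today.day, 28))  # clamp day for short months
    return date.fromisoformat(patch_level) < cutoff

def classify(verdict, patch_level, today):
    """Apply the article's three example rules; None if no example covers the case."""
    # Fail closed: a missing or non-boolean field counts as a failed check.
    basic = verdict.get("basicIntegrity") is True
    cts = verdict.get("ctsProfileMatch") is True
    stale = patch_is_stale(patch_level, today)
    if not basic:
        return "High Risk"
    if not cts and stale:
        return "Medium Risk"
    if cts and stale:
        return "Low Risk"
    return None  # combination not covered by the article's examples

def sample_jws(payload):
    """Build a constructed token for the demo (not a real, signed attestation)."""
    segs = [json.dumps(o).encode() for o in ({"alg": "RS256"}, payload)] + [b"sig"]
    return ".".join(base64.urlsafe_b64encode(s).rstrip(b"=").decode() for s in segs)

if __name__ == "__main__":
    today = date(2024, 6, 15)  # constructed evaluation date
    fleet = [  # constructed device records: (name, token, patch level)
        ("kiosk-01", sample_jws({"basicIntegrity": False, "ctsProfileMatch": False}), "2024-05-01"),
        ("kiosk-02", sample_jws({"basicIntegrity": True, "ctsProfileMatch": False}), "2023-12-05"),
        ("kiosk-03", sample_jws({"basicIntegrity": True, "ctsProfileMatch": True}), "2023-12-05"),
    ]
    for name, token, patch in fleet:
        print(name, classify(decode_payload(token), patch, today))
```

A real consumer must verify the JWS signature and certificate chain before trusting the payload; this sketch only decodes it.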
Security Check Frequency
Basic Integrity and CtsProfileMatch are calculated in three instances:
- During provisioning
- Every five hours after provisioning
- When requested by the console