VTS scans Android devices for publicly-known vulnerabilities

Share this…

Vulnerability Test Suite (VTS) is a free application for Android that scans devices running the operating system for publicly-disclosed vulnerabilities.

Publicly-disclosed vulnerabilities remain a threat months or even years after disclosed due to how patches are delivered to user systems.

Once Google has created a patch for a disclosed vulnerability, it is up to the device manufacturer to implement it and either make it available directly or submit it to carriers for another round of testing before the updates are made available to customers.

There is no universal update system available that would deliver the patches directly to customer systems, or one where customers could download patches for their devices directly.

The Android Vulnerability Test Suite checks the device for known vulnerabilities, and lists them in its interface afterwards.

The Android Vulnerability Test Suite checks the device for known vulnerabilities, and lists them in its interface afterwards.

vts for android

The application uses checks that won’t cause notable system instabilities or other issues, and takes only a moment to scan the system for these vulnerabilities.

Vulnerabilities that it can detect include Stagefright, various Zip bugs or StumpRoot. A full list of supported vulnerabilities is provided on the project’s Github project page.

All checks are listed with a name, short description and whether the device is vulnerable or not. A show details button opens an overlay with additional information, including links to web pages with more information and patches if already available.

A tap on a link opens it in the default system browser. The only options provided besides that are to export the results or to share them.

The application informs you about vulnerabilities, but there is little that you can do if vulnerabilities are discovered even if a patch is available.

While you may sometimes change how you use the device to avoid falling victim to an attack targeting a specific vulnerability, that may not always be possible depending on the vulnerabilities.

You could contact the device manufacturer and carrier to get them to react to vulnerabilities more quickly, or install a third-party modification or custom ROM that takes care of that if available.

Closing Words

The Vulnerability Test Suite is a useful Android application that scans the device for know vulnerabilities. It can be reassuring if no unpatched vulnerabilities are discovered, but also helpful if you know about existing vulnerabilities as you may be able to do something about them then (thanks Imu).