Skip navigation

Introducing X-Ray 2.0: Vulnerability Detection for Android Devices

Back in 2012, the Duo Labs security research team released the first-ever vulnerability scanner for Android-based devices known as X-Ray.

X-Ray 2.0

X-Ray is an app anyone can download that safely scans for vulnerabilities on your Android phone or tablet, allowing you to assess your current mobile security risk.

At the time, X-Ray scanned devices for eight serious vulnerabilities and was not really updated as often as we would have liked.

Since our first attempt at Android vulnerability assessment, there have not only been a lot more vulnerabilities impacting the platform, but also some changes in how we are able to test devices for the existence of those vulnerabilities.

Additionally, others such as NowSecure have released their own Android Vulnerability Test Suite (VTS) and the Android team over at Google have even added vulnerability checks to their Compatibility Test Suite (CTS).

These are fantastic developments in the Android security world however, leveraging Google's CTS for example, requires a bit more technical know-how than most non-developer users may have.

As one of Duo Labs' guiding principles is to keep security simple, we are proud to announce a refresh of our Android vulnerability assessment tool, X-Ray.

Earlier this year, when we set out to update X-Ray, we wanted to not only add more serious vulnerabilities to our list of items scanned for, but we also wanted to ensure that X-Ray could be easily updated in the future as required. We determined that the best course of action was to integrate X-Ray with other publicly available tools.

This means, as new vulnerabilities are added to these testing frameworks, users will automatically get them added to X-Ray as well, to ensure timely detection. In addition, our focus will shift from updating X-Ray to adding to Google's CTS and NowSecure VTS instead. By contributing to CTS and VTS, we are able to not only keep X-Ray up to date, but also contribute to the overall testing community.

We hope you find our updated X-Ray tool useful and we welcome any feedback or questions you may have at xray@duosecurity.com. For a list of all the vulnerabilities X-Ray scans for, or to download the app, head on over to https://labs.duosecurity.com/xray.

Steve Manzuik

Director of Security Research

Steve is the Director of Security Research at Duo Security’s Duo Labs (@duo_labs) where he is responsible for our team of crazy researchers. Steve brings over 20 years of Information Security experience including roles at various product companies, consultancies and research teams.