Evaluation of Cerberus anti-theft app

[paroots]

I've been evaluating the Cerberus anti-theft app on my Galaxy Nexus. Overall it's a great app and I recommend it, but I've discovered one serious (but easily corrected) flaw. When one sends an SMS text message to the stolen phone, it can be seen by the thief and will almost certainly alert him to the fact that it's being tracked. Apparently this happens when you have installed 3rd party SMS apps such as Go SMS Pro. These messages are in the form: cerberus <password> <command>. The keyword 'cerberus' in addition to the command word will alert the thief. I have suggested that the keyword 'cerberus' be replaced with something less obvious. Ideally, the user can select their own keyword. I have also proposed, that as an option, numbers be used in place of the command words. For example, 'find' could be replaced with 1. and 'siminfo' with 2, etc. The existing keyword and command words can be retained if desired with the addition of the recommended values. This preserves backward compatibility and requires no changes to those that have no issues.
Pete

 

[UncleMike]

I sort of remember that being an issue before I purchased a license for Cerberus, but I only use the stock messaging app, so it didn't matter. A potential problem with this issue is that the sender is likely using the same Cerberus license, and therefore the same password. A nasty thief, seeing the message come through would now know the Cerberus password for the sender, and could potentially wipe the sender's device by sending the appropriate command from the stolen phone.

This can also happen if the commands are sent manually (without using the Cerberus client app), and there is a type in the word "cerberus" in the SMS.

 

[paroots]

I sort of remember that being an issue before I purchased a license for Cerberus, but I only use the stock messaging app, so it didn't matter. A potential problem with this issue is that the sender is likely using the same Cerberus license, and therefore the same password. A nasty thief, seeing the message come through would now know the Cerberus password for the sender, and could potentially wipe the sender's device by sending the appropriate command from the stolen phone.

This can also happen if the commands are sent manually (without using the Cerberus client app), and there is a type in the word "cerberus" in the SMS.

Thanks, interesting! As I continue to evaluate and learn more about Cerberus, I have discovered another serious issue. If the gps is turned off and you issue a start tracking or start emergency mode command from the dashboard (or SMS find command), a Location services popup occurs at the phone to which the thief may agree or disagree. This will, in all livelihood, alert the thief that he is being tracked. If the thief takes this opportunity to disable gps, he cannot be tracked. According to Cerberus support, the popup feature is built into the ROM and cannot be bypassed.
Pete

 

[paroots]

As an update, I've decided to switch to another anti-theft app called GotYa. It is totally standalone ie, it requires no 3rd party server. It does just want I want and little else. The only serious negative I've discovered so far is the lack of documentation and support although there is a little help here:
http://myboyfriendisageek.com/market/gotya/

Update: as is often the case, it sometimes takes awhile to uncover issues. I now have 3 additional features I'd like to see added to GotYa to make it even better:

1. SMS command to turn on gps
2. Option to use different icon and signon screen to disguise as a game
3. Ability to install on rooted phone as system app and survive a wipe/reset

Pete