Device Jailbreaking (iOS) or Rooting (Android)
When an iOS device is jailbroken, or an Android device is rooted, malicious processes can gain unauthorized access or elevated privileges and take full control of the device, compromising its security.
If your device is jailbroken/rooted, it is recommended that (i) you back up any sensitive data, (ii) restore the device to the original factory settings via device settings, and (iii) subsequently update the device to the latest device software; you can do this by accessing the device settings, visiting the device manufacturer’s website, or contacting the device manufacturer’s customer support center.
Elevation of Privileges (Android)
An elevation-of-privileges alert is reported when a malicious process running as the user escalates its privileges to root on the device. In other words, the user installed an app from a third-party store that executed an exploit and gained root privileges on the device.
Through an elevation-of-privileges attack, the attacker essentially hands someone other than you the keys to the castle. The attack tricks the device OS into thinking that the attacker has legitimate administrative privileges, compromising the security of the device.
If you receive an elevation-of-privileges alert, it is recommended that (i) you back up any sensitive data, (ii) restore the device to the original factory settings via device settings, and (iii) subsequently update the device to the latest device software; you can do this by accessing the device settings, visiting the device manufacturer’s website, or contacting the device manufacturer’s customer support center.
Rogue Access Point (iOS and Android)
A network threat is triggered when the device is connected to a rogue access point. An alert informs you that there may be an issue with a Wi-Fi network that you might be inclined to trust, so you can disconnect and take other precautionary actions.
An attacker uses a rogue access point that exploits a device vulnerability to get the device to connect to what appears to be a previously known Wi-Fi network. Users will see previously connected wireless networks as available (for example, your home wireless network may display as available at an unexpected location), or the device will automatically connect to one.
If an attacker installs a rogue access point, the attacker is able to run various types of vulnerability scanners, and rather than having to be physically inside the organization, they can attack remotely—perhaps from a reception area, adjacent building, car park, or with a high-gain antenna, even from several miles away.
If a rogue access point network threat is reported, Michigan Secure would recommend disconnecting from the wireless network immediately, switching to a secure network, and changing the passwords of any online services accessed when you were connected to the rogue access point.
SSL Strip Network (iOS and Android)
An SSL strip alert means that the webpages you are viewing may not be secure. For example, an attack will force users to visit webpages over HTTP instead of HTTPS. This lets an attacker intercept usernames and passwords in clear text. A network threat is reported if an attacker performs an SSL strip attack via a rogue or compromised access point.
If an SSL strip network threat is reported, Michigan Secure would recommend disconnecting from the wireless network immediately and changing the passwords of the online services accessed when you were connected to the network.
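The signs of an SSL strip described above can be checked on a fetched page, as in the following added example (it is not Michigan Secure's detection logic). The function name, the https_only_hosts baseline of sites known to use HTTPS, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _PageScanner(HTMLParser):
    """Collects link targets and, per form, its action and password fields."""
    def __init__(self):
        super().__init__()
        self.links = []
        self.forms = []       # each entry: [action, has_password_field]
        self._form = None     # form currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "form":
            self._form = [attrs.get("action") or "", False]
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form[1] |= (attrs.get("type") or "").lower() == "password"

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def downgrade_signs(page_url, html, https_only_hosts):
    """Findings suggesting HTTPS was stripped; https_only_hosts is an assumed baseline."""
    scanner = _PageScanner()
    scanner.feed(html)
    page, findings = urlsplit(page_url), []
    if page.scheme == "http" and page.hostname in https_only_hosts:
        findings.append(f"page served over http: {page.hostname}")
    for action, has_password in scanner.forms:
        target = urljoin(page_url, action)   # empty action posts to the page itself
        if has_password and urlsplit(target).scheme == "http":
            findings.append(f"password form posts in clear text: {target}")
    for href in scanner.links:
        link = urlsplit(urljoin(page_url, href))
        if link.scheme == "http" and link.hostname in https_only_hosts:
            findings.append(f"link downgraded to http: {link.geturl()}")
    return findings

# Constructed sample: a login page, and the same page with https:// rewritten.
CLEAN = ('<form action="/login"><input type="password" name="p"></form>'
         '<a href="https://sso.bank.example/reset">Reset</a>')
STRIPPED = CLEAN.replace("https://", "http://")
HOSTS = {"bank.example", "sso.bank.example"}
```

Calling downgrade_signs("http://bank.example/", STRIPPED, HOSTS) returns three findings, while the same page loaded as https://bank.example/ with CLEAN returns none.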
Suspicious Android App (Android)
Even from a legitimate source, it is possible to download an app that is unsafe or deliberately designed to infect users’ devices. A device threat is reported when you attempt to install a malicious app.
If a malicious app is preinstalled on the device, then Michigan Secure will detect the malicious app after a complete device scan. If a suspicious Android app threat detection is reported, delete the downloaded file or uninstall the detected Android app.
System Tampering (iOS and Android)
System tampering is the process of removing security limitations enforced by the device manufacturer. As a result, the device is fully compromised and can no longer be trusted. For example, system tampering is detected when an end user roots an Android device or jailbreaks an iOS device.
With a system tampering threat alert, it is recommended that (i) you back up any sensitive data, (ii) restore the device to the original factory settings via device settings, and (iii) subsequently update the device to the latest device software; you can do this by accessing the device settings, visiting the device manufacturer’s website, or contacting the device manufacturer’s customer support center.
SELinux Disabled (Android)
Security-Enhanced Linux (SELinux) is a security feature in the operating system that helps maintain the integrity of the operating system via an implementation of a mandatory access control mechanism.
If SELinux has been disabled, the integrity of the operating system may be compromised and should be addressed immediately. If Michigan Secure alerts you to a “SELinux is disabled” device threat, it is recommended that (i) you back up any sensitive data, (ii) restore the device to the original factory settings via device settings, and (iii) subsequently update the device to the latest device software; you can do this by accessing the device settings, visiting the device manufacturer’s website, or contacting the device manufacturer’s customer support center.
Unsecure Wi-Fi (iOS and Android)
Most users of unsecure Wi-Fi networks assume that online activity is protected, but most publicly available Wi-Fi networks lack adequate security protections for users. The State of Michigan wants to help you mitigate the risks of using public/open Wi-Fi networks.
Michigan Secure alerts you to an unsecure Wi-Fi network when the device is connected to an open/public wireless network that doesn’t require a wireless encryption (e.g., WPA, WPA2) password. Connecting to an unsecured network exposes your phone and the information that you transmit to a potential attack by an unauthorized party. When an unsecured Wi-Fi network threat is detected, it is recommended that you disconnect and switch to a secure network with encryption capabilities that will prompt you for a password.
Device Encryption (Android)
Device encryption is enabled by default on Android 6 and above, but it is disabled on older Android versions.
If an “encryption not enabled” device threat is observed, Michigan Secure recommends enabling device encryption via device settings.
Device PIN Not Enabled (iOS and Android)
A device threat is reported when the device is not set up to use a PIN and/or password—the first line of defense for your phone.
If Michigan Secure displays this alert, you must set up a PIN/access code via device settings.
Stagefright Vulnerability (Android only)
In a Stagefright attack, an attacker sends a link or an MMS to an end user. Opening the link exploits media server-related vulnerabilities on the device, which lets an attacker gain remote code execution on the user's device.
Michigan Secure displays an alert after verifying your current OS version and patch level and determining that your device is vulnerable to a Stagefright attack. A Stagefright vulnerability can be addressed by updating your device to the latest operating system. If you cannot upgrade to the latest OS version, it is recommended that you replace the device.
Download Apps from Unknown Sources (Android only)
App stores make a concerted effort to run security checks and vet apps before they are uploaded to the store and made publicly available for download. That’s why installing apps from unknown sources is a bad idea.
Michigan Secure displays this alert if your settings allow you to download apps from unknown sources. It is recommended that you disable this option in the settings for your device.
USB Debugging Mode (Android only)
USB debugging is an advanced configuration intended for development purposes. By enabling USB debugging, a device can be accessed and controlled by someone other than you when plugged into an unfamiliar USB port, such as a public charging station. Once plugged in, a malicious user can effectively steal private information from the device or push some sort of malware onto it.
Michigan Secure displays this alert if USB debugging is enabled. It is recommended that you disable this option in the settings for your device.