Mobile application reputation helps security providers decide if an app presents a risk to their customers. But what are these risks and how do we quantify them?
The good, the bad, and the ugly of apps
The apps we download onto our mobile devices are sometimes good, occasionally bad, and a few hide secrets – secrets that might harm some users, but not others.
Although app stores generally strive to remove malicious apps, it is unfortunate that content on an app store cannot be trusted entirely.
There are many examples of Android apps exhibiting malicious or unexpected behavior. The worst apps steal data or are a platform for financial theft. Others place user data at risk, either through poor design or incompetence.
Even the best-known app stores battle to keep their virtual shelves clean. Google removes tens of apps every month from Google Play and blocks many more for policy violations. Since 2017, Google has removed more than 1700 apps containing Joker malware. More recently, my colleagues in the Avira Protection Labs detailed how apps containing the Wroba banking trojan target Android users in Japan.
Malicious apps can be available on a store for download long before anyone is aware they contain malware. Even if an app is not overtly malicious, it may still hide a secret. So it is also important to understand how an app accesses, handles, and stores data. Does it do so in a way that puts user data or privacy at risk?
Why application reputation is mainly an issue for Android apps
Admittedly, it’s not just a challenge for Android app stores. Potentially malicious behavior has been attributed to iOS apps. However, the nature of the Apple app store and the way apps run on an iOS device – sandboxed – makes malevolent behavior much less likely. Generally, iOS apps present less of a risk to consumers and enterprises.
What do we want to know?
Trust. Consumers and businesses want to know they can trust the apps they use.
Service providers and consumer (or enterprise) security vendors want to protect their customers or add value to their service.
Their challenge is how to obtain sufficient detailed intelligence to enable a decision to limit or block access to an app.
Clearly, preventing the download of a malicious app is beneficial. However, it is not always an easy decision to block or limit access to an app, particularly when its behavior is not malicious, just potentially undesirable.
It may be that the app uses an unwanted ad framework or stores data in a foreign jurisdiction. It may merely use too much power, compromising battery life. Or it may consume too much memory, slow down the platform and harm the user experience.
Mobile application reputation
Mobile application reputation services can deliver a basic assessment of an app, or they can provide a complete 360-degree assessment. A detailed 360 app assessment typically includes the metadata associated with the app, the app’s behavior, and the risks taken with the user’s data.
Metadata looks at the history and reputation of the app and publisher. It creates an assessment of their credibility and helps us understand the level of trust we can place in them. When we consider the app’s behavior, we look for actions that might put the user at risk: Is the app malicious, or is there a risk of data leakage because of what the app does with the user data, or where it stores the data? Finally, we can also assess the app’s impact on the device – its memory, processor, and battery performance.
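As an added illustration (not Avira’s code or scoring model), the following Python evaluator scores an app along the three axes just described, metadata, behavior, and device impact, and separates an outright block for malicious behavior from the softer “limit” decision for merely undesirable traits; every signal name, weight, and threshold is an assumption, and the sample records are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class AppAssessment:
    # Hypothetical signal set; field names and units are assumptions.
    package: str
    publisher_age_days: int            # metadata axis: publisher history
    publisher_prior_removals: int      # metadata axis: publisher reputation
    malware_family: Optional[str] = None   # behavior axis: overtly malicious
    exfiltrates_pii: bool = False          # behavior axis: data theft
    storage_jurisdiction: str = "EU"       # behavior axis: where data is stored
    ad_sdks: List[str] = field(default_factory=list)  # behavior axis: ad frameworks
    battery_drain_pct_per_hour: float = 0.0  # device-impact axis
    memory_mb: float = 0.0                   # device-impact axis

def evaluate(a: AppAssessment, home_jurisdiction: str = "EU") -> Tuple[str, List[str]]:
    """Return (decision, reasons). Confirmed malicious behavior blocks outright;
    undesirable traits only accumulate towards 'limit', so an app is never
    blocked for being unwanted rather than malicious."""
    if a.malware_family:
        return "block", [f"known malware family: {a.malware_family}"]
    if a.exfiltrates_pii:
        return "block", ["transmits user data to an unknown endpoint"]
    # Soft signals: (triggered?, weight, human-readable reason). Thresholds assumed.
    soft = [
        (a.publisher_age_days < 90, 1, "publisher account younger than 90 days"),
        (a.publisher_prior_removals > 0, 2,
         f"publisher had {a.publisher_prior_removals} app(s) removed before"),
        (a.storage_jurisdiction != home_jurisdiction, 1,
         f"user data stored in {a.storage_jurisdiction}"),
        (bool(a.ad_sdks), 1, "bundles ad framework(s): " + ", ".join(a.ad_sdks)),
        (a.battery_drain_pct_per_hour > 5, 1,
         f"battery drain {a.battery_drain_pct_per_hour}%/h"),
        (a.memory_mb > 500, 1, f"resident memory {a.memory_mb} MB"),
    ]
    score = sum(w for hit, w, _ in soft if hit)
    reasons = [r for hit, _, r in soft if hit]
    return ("limit" if score >= 3 else "allow"), reasons

# Constructed sample records, not real apps or publishers.
BANKER = AppAssessment("com.example.fakebank", 20, 1, malware_family="Wroba")
FLASHLIGHT = AppAssessment("com.example.flashlight", 30, 0, storage_jurisdiction="US",
                           ad_sdks=["adnet-x"], battery_drain_pct_per_hour=8.0)
NOTES = AppAssessment("com.example.notes", 900, 0)

if __name__ == "__main__":
    for app in (BANKER, FLASHLIGHT, NOTES):
        print(app.package, *evaluate(app))
```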
Ultimately, mobile app reputation services deliver insight into how an app might harm a user. They enable the creation of a service to protect a customer’s privacy, their data, and their bank account.
If you are interested in finding out more about how you can integrate mobile app reputation services into your own security offering, then email us or fill out our contact form and get the conversation started!