In-line filtering of insecure or unwanted mobile device software components or communications
First Claim
1. A system for in-line filtering of applications for mobile devices, comprising:
- a processor configured to;
intercept a request for downloading an application to a mobile device;
determine a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises to;
perform the following;
decompile the application to generate a source code version of the application;
determine the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version;
execute the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and
determine the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and
modify the response to the request for downloading the application to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation; and
a memory coupled to the processor and configured to provide the processor with instructions.
4 Assignments
0 Petitions
Accused Products
Abstract
Techniques for in-line filtering of insecure or unwanted mobile components or communications (e.g., insecure or unwanted behaviors associated with applications for mobile devices (“apps”), updates for apps, communications to/from apps, operating system components/updates for mobile devices, etc.) for mobile devices are disclosed. In some embodiments, in-line filtering of apps for mobile devices includes intercepting a request for downloading an application to a mobile device; and modifying a response to the request for downloading the application to the mobile device. In some embodiments, the response includes a notification that the application cannot be downloaded due to an application risk policy violation.
25 Citations
15 Claims
-
1. A system for in-line filtering of applications for mobile devices, comprising:
-
a processor configured to; intercept a request for downloading an application to a mobile device; determine a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises to; perform the following; decompile the application to generate a source code version of the application; determine the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version; execute the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and determine the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and modify the response to the request for downloading the application to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (2, 3, 4)
-
-
5. A system for in-line filtering of applications for mobile devices, comprising:
-
a processor configured to; perform in-line filtering of traffic from a mobile device to the Internet; identify an application request from the in-line filtering of traffic from the mobile device to the Internet, wherein the application request includes a request to download an application to the mobile device; determine a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises to; perform the following; decompile the application to generate a source code version of the application; determine the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version; execute the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and determine the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and modify the response to the application request that is communicated to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. A method of in-line filtering of applications for mobile devices, comprising:
-
performing in-line filtering of traffic from a mobile device to the Internet; identifying an application request from the in-line filtering of traffic from the mobile device to the Internet, wherein the application request includes a request to download an application to the mobile device; determining a response based on an application risk assessment for the application, wherein the application risk assessment is based at least in part on a behavior associated with the application, wherein the determining of the response comprises; performing the following; decompiling the application to generate a source code version of the application; determining the application risk assessment based on a software code path, an application action tree or a combination thereof, the software code path, the application action tree or the combination thereof being determined based on the source code version; executing the application on one or more emulators to monitor internal and external application programming interface (API) calls and downloading of new components during run-time in an emulated environment; and determining the application risk assessment based on comparing the monitored internal and external API calls and downloaded new components during the run-time to the software code path, the application action tree or the combination thereof; and modifying the response to the application request that is communicated to the mobile device by blocking downloading of the application to the mobile device based on the application risk assessment indicating an application risk policy violation, wherein the response includes a notification that the application cannot be downloaded due to the application risk policy violation. - View Dependent Claims (12, 13, 14, 15)
-
Specification