Systems and methods for detecting malware on mobile platforms
First Claim
1. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive an application;
receive a request from a mobile computing platform to evaluate the application for malware, wherein the mobile computing platform places a limitation on an ability of third-party software to inspect application behavior;
receive emulation information from the mobile computing platform, the emulation information relating to emulating the mobile computing platform, the emulation information comprising an emulation credential;
look up the emulation credential in a database to retrieve hardware and/or software details of the mobile computing platform;
evaluate the application for malware by;
executing the application within an emulation of the mobile computing platform based on the hardware and/or software details of the mobile computing platform retrieved from the database by looking up the emulation credential received from the mobile computing platform in the database;
circumventing the limitation on the ability of third-party software to inspect application behavior by performing a behavioral analysis on the application executing within the emulation of the mobile computing platform;
transmit a result of evaluating the application for malware to the mobile computing platform.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for detecting malware on mobile platforms may include (1) identifying an application on a mobile computing platform subject to a malware evaluation, (2) transmitting the application to a security server, (3) providing emulation information to the security server, the emulation information relating to emulating the mobile computing platform, (4) receiving a result of the malware evaluation as performed by the security server, the malware evaluation including the security server using the emulation information to execute the application within an emulation of the mobile computing platform, and (5) performing a security action based on the result of the malware evaluation. Various other methods, systems, and computer-readable media are also disclosed.
248 Citations
20 Claims
-
1. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
receive an application; receive a request from a mobile computing platform to evaluate the application for malware, wherein the mobile computing platform places a limitation on an ability of third-party software to inspect application behavior; receive emulation information from the mobile computing platform, the emulation information relating to emulating the mobile computing platform, the emulation information comprising an emulation credential; look up the emulation credential in a database to retrieve hardware and/or software details of the mobile computing platform; evaluate the application for malware by; executing the application within an emulation of the mobile computing platform based on the hardware and/or software details of the mobile computing platform retrieved from the database by looking up the emulation credential received from the mobile computing platform in the database; circumventing the limitation on the ability of third-party software to inspect application behavior by performing a behavioral analysis on the application executing within the emulation of the mobile computing platform; transmit a result of evaluating the application for malware to the mobile computing platform. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method for detecting malware on mobile platforms, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
receiving an application; receiving a request from a mobile computing platform to evaluate the application for malware, wherein the mobile computing platform places a limitation on an ability of third-party software to inspect application behavior; receiving emulation information from the mobile computing platform, the emulation information relating to emulating the mobile computing platform, the emulation information comprising an emulation credential; looking up the emulation credential in a database to retrieve hardware and/or software details of the mobile computing platform; evaluating the application for malware by; executing the application within an emulation of the mobile computing platform based on the hardware and/or software details of the mobile computing platform retrieved from the database by looking up the emulation credential received from the mobile computing platform in the database; circumventing the limitation on the ability of third-party software to inspect application behavior by performing a behavioral analysis on the application executing within the emulation of the mobile computing platform; transmitting a result of evaluating the application for malware to the mobile computing platform. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A system for detecting malware on mobile platforms, the system comprising:
-
a receiving module programmed to; receive an application; receive a request from a mobile computing platform to evaluate the application for malware, wherein the mobile computing platform places a limitation on an ability of third-party software to inspect application behavior; receive emulation information from the mobile computing platform, the emulation information relating to emulating the mobile computing platform, the emulation information comprising an emulation credential; look up the emulation credential in a database to retrieve hardware and/or software details of the mobile computing platform; an evaluation module programmed to evaluate the application for malware by; executing the application within an emulation of the mobile computing platform based on the hardware and/or software details of the mobile computing platform retrieved from the database by looking up the emulation credential received from the mobile computing platform in the database; circumventing the limitation on the ability of third-party software to inspect application behavior by performing a behavioral analysis on the application executing within the emulation of the mobile computing platform; a transmission module programmed to transmit a result of evaluating the application for malware to the mobile computing platform; at least one processor configured to execute the receiving module, the evaluation module, and the transmission module. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification