Identifying application sources on non-rooted devices
Abstract
A method and apparatus for identifying an application source from which an application is installed on a non-rooted computing device. An application source identifier of a security application that does not have root access to an operating system monitors for an application installation. The application source identifier extracts a process identifier (PID) of the application being installed from a log message associated with the application installation and determines a package name from the PID. The PID identifies an application source from which the application is installed. The application source identifier receives, based on the package name, a confidence level for the application source from a security service over a network.
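The flow the abstract describes, as an added sketch that is not code from the patent: it scans install log lines for a PID, resolves the PID to a package name, submits only that name to a lookup, and maps the returned confidence level to an action. The log format, package names, confidence values, thresholds and action names are all constructed assumptions, and the lookup is a local stand-in for the network call.

```python
import re
from typing import List, Optional, Tuple

# Constructed log lines; the tag and message format are assumptions.
SAMPLE_LOG = """\
05-01 10:00:01.120  1432  1450 I InstallMonitor: START install requested by pid=2211
05-01 10:00:02.300  1432  1450 I NetStats: poll complete
05-01 10:00:05.870  1432  1450 I InstallMonitor: START install requested by pid=3377
05-01 10:00:09.010  1432  1450 I InstallMonitor: START install requested by pid=9999
"""
# Constructed PID -> package table, standing in for the OS process list.
PROCESS_TABLE = {2211: "com.example.officialstore", 3377: "com.example.sideloadmarket"}
# Constructed confidence levels (0-100), standing in for the security service.
SERVICE_DATA = {"com.example.officialstore": 95, "com.example.sideloadmarket": 10}

INSTALL_RE = re.compile(r"InstallMonitor: START install requested by pid=(\d+)")

def extract_install_pids(log_text: str) -> List[int]:
    """Return the PID from every install message, ignoring unrelated lines."""
    return [int(m.group(1)) for m in INSTALL_RE.finditer(log_text)]

def stub_service_lookup(package: str) -> Optional[int]:
    """Stand-in for the network query; only the package name is submitted."""
    return SERVICE_DATA.get(package)

def choose_action(confidence: Optional[int]) -> str:
    """Map a confidence level to an action; the thresholds are assumptions."""
    if confidence is None:
        return "warn_unknown_source"
    if confidence >= 80:
        return "allow"
    if confidence >= 40:
        return "warn_user"
    return "block_and_scan"

def evaluate_installs(log_text, process_table, lookup) -> List[Tuple[int, Optional[str], str]]:
    """Run the whole flow and return (pid, package, action) per install message."""
    results = []
    for pid in extract_install_pids(log_text):
        package = process_table.get(pid)  # None if the process already exited
        confidence = lookup(package) if package else None
        results.append((pid, package, choose_action(confidence)))
    return results

if __name__ == "__main__":
    for row in evaluate_installs(SAMPLE_LOG, PROCESS_TABLE, stub_service_lookup):
        print(row)
```

The third sample line covers the case where the PID can no longer be resolved, which the sketch treats as an unknown source rather than silently allowing the install.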
18 Claims
1. A method comprising:
- monitoring for an application installation of an application on a computing device by a security application executing on the computing device, wherein the security application does not have root access to an operating system executing on the computing device;
- extracting a process identifier (PID) of the application being installed from a log message associated with the application installation;
- determining a package name from the PID, wherein the package name identifies an application store from which the application is installed;
- submitting the package name to a security service over a network;
- receiving, based on the package name, a confidence level for the application store from the security service over the network; and
- performing a security action based on the confidence level received from the security service.

Dependent claims: 2, 3, 4, 5, 6
7. A computing device comprising:
- a memory; and
- a processor coupled with the memory to execute a security application that does not have root access to an operating system executing on the processor, wherein the security application is to:
  - monitor for an application installation of an application on the computing device;
  - extract a process identifier (PID) of the application being installed from a log message associated with the application installation;
  - determine a package name from the PID, wherein the package name identifies an application store from which the application is installed;
  - submit the package name to a security service over a network;
  - receive, based on the package name, a confidence level of the package name from the security service over the network; and
  - perform a security action based on the confidence level received from the security service.

Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer readable storage medium including instructions that, when executed by a processor of a computing device, cause the processor to:
- monitor for an application installation of an application on the computing device by a security application executing on the computing device, wherein the security application does not have root access to an operating system executing on the computing device;
- extract a process identifier (PID) of the application being installed from a log message associated with the application installation;
- determine a package name from the PID, wherein the package name identifies an application store from which the application is installed;
- submit the package name to a security service over a network;
- receive, based on the package name, a confidence level of the package name from the security service over the network; and
- perform a security action based on the confidence level.

Dependent claims: 14, 15, 16, 17, 18
Specification