Modifying pre-existing mobile applications to implement enterprise security policies
Abstract
A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
27 Claims
1. A method comprising:
disassembling, by a computing device, executable code of a mobile application associated with an enterprise into disassembled code;
analyzing, by the computing device, the disassembled code;
modifying, by the computing device, the disassembled code to add new code that causes the mobile application to:
    detect that the mobile application is being used within a pre-defined time window;
    detect a request by the mobile application to access a site not associated with the enterprise; and
    add one or more headers to the request that cause the request to be sent via an application tunnel to a content-filtering device configured to:
        determine whether the site not associated with the enterprise is authorized for access within the pre-defined time window;
        strip the one or more headers from the request responsive to determining that the site not associated with the enterprise is authorized for access; and
        after stripping the one or more headers from the request, forward the request to the site not associated with the enterprise;
obfuscating at least a portion of the new code to inhibit reverse engineering of the new code; and
rebuilding the mobile application using the modified disassembled code.
(Dependent claims: 2, 3, 4, 5)

6. Non-transitory computer-readable media storing computer-readable instructions that, when executed by a processor, cause a device to:
disassemble executable code of a mobile application associated with an enterprise into disassembled code;
analyze the disassembled code;
modify the disassembled code to add new code that causes the mobile application to:
    detect that the mobile application is being used within a pre-defined time window;
    detect a request by the mobile application to access a site not associated with the enterprise; and
    add one or more headers to the request that cause the request to be sent via an application tunnel to a content-filtering device configured to:
        determine whether the site not associated with the enterprise is authorized for access within the pre-defined time window;
        strip the one or more headers from the request responsive to determining that the site not associated with the enterprise is authorized for access; and
        after stripping the one or more headers from the request, forward the request to the site not associated with the enterprise;
obfuscate at least a portion of the new code to inhibit reverse engineering of the new code; and
rebuild the mobile application using the modified disassembled code.
(Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)

22. A system comprising:
a device comprising:
    one or more first processors; and
    first non-transitory memory storing first computer-readable instructions that, when executed by the one or more first processors, cause the device to:
        disassemble executable code of a mobile application associated with an enterprise into disassembled code;
        analyze the disassembled code;
        modify the disassembled code to add new code that causes the mobile application to:
            detect that the mobile application is being used within a pre-defined time window;
            detect a request by the mobile application to access a site not associated with the enterprise; and
            add one or more headers to the request by the mobile application that cause the request to be sent via an application tunnel to a content-filtering server;
        obfuscate at least a portion of the new code to inhibit reverse engineering of the new code; and
        rebuild the mobile application using the modified disassembled code; and
the content-filtering server, comprising:
    one or more second processors; and
    second non-transitory memory storing second computer-readable instructions that, when executed by the one or more second processors, cause the content-filtering server to:
        receive the request by the mobile application to access the site not associated with the enterprise;
        inspect the request;
        determine whether the site not associated with the enterprise is authorized for access within the pre-defined time window;
        strip the one or more headers from the request responsive to determining that the site not associated with the enterprise is authorized for access within the pre-defined time window; and
        after stripping the one or more headers from the request, forward the request to the site not associated with the enterprise.
(Dependent claims: 23, 24, 25, 26, 27)
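As an added illustration (not code from the patent or its assignee), the following Python models the two halves of the claimed arrangement: the code injected into the wrapped app, which tags requests to non-enterprise sites with tunnel headers while the app is used inside a policy time window, and the content-filtering device, which decides against its own clock, strips those headers and forwards or denies. The header names, domain lists and window policy are constructed for this example.

```python
from datetime import datetime, time
from urllib.parse import urlsplit

ENTERPRISE_DOMAINS = {"intranet.example.com", "mail.example.com"}   # constructed
TUNNEL_HEADERS = {"X-Ent-Tunnel": "1", "X-Ent-App": "wrapped-browser"}  # constructed

# Constructed policy: named windows (local time) and the non-enterprise
# sites each window authorizes.
WINDOWS = {"work": (time(9, 0), time(17, 0)), "lunch": (time(12, 0), time(13, 0))}
SITE_WINDOWS = {"news.example.net": {"work", "lunch"}, "video.example.org": {"lunch"}}

def active_windows(now):
    t = now.time()
    return {name for name, (start, end) in WINDOWS.items() if start <= t < end}

def client_outbound(request, now):
    """Behaviour of the injected app code: when the app is used inside a policy
    window and the target is not an enterprise site, add the tunnel headers so
    the request is routed through the application tunnel to the filter."""
    host = urlsplit(request["url"]).hostname
    if host in ENTERPRISE_DOMAINS or not active_windows(now):
        return dict(request)   # enterprise traffic or outside any window: untouched
    return {**request, "headers": {**request["headers"], **TUNNEL_HEADERS}}

def filter_device(request, now):
    """Content-filtering device: inspect, decide against its OWN clock (never a
    client-asserted time), strip the tunnel headers, then forward or deny."""
    if "X-Ent-Tunnel" not in request["headers"]:
        return "deny", None                  # only tunneled requests are handled
    host = urlsplit(request["url"]).hostname
    if not (SITE_WINDOWS.get(host, set()) & active_windows(now)):
        return "deny", None                  # site not authorized in current window
    clean = {k: v for k, v in request["headers"].items() if k not in TUNNEL_HEADERS}
    return "forward", {**request, "headers": clean}  # site never sees tunnel headers

if __name__ == "__main__":
    req = {"method": "GET", "url": "https://news.example.net/top",
           "headers": {"Host": "news.example.net"}}
    lunch = datetime(2024, 1, 15, 12, 30)   # constructed timestamp inside "lunch"
    verdict, fwd = filter_device(client_outbound(req, lunch), lunch)
    print(verdict, fwd["headers"])           # forward {'Host': 'news.example.net'}
```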