Detection and prevention of installation of malicious mobile applications
First Claim
1. A non-transitory computer readable medium comprising computer executable instructions stored thereon that, when executed, cause a processor to:
- intercept a request to install an application on a mobile device, the request initiated by a first portion of a mobile application setup file on the mobile device, wherein the mobile application setup file includes a second portion including program code of the application to be installed;
generate a key based on at least a portion of the second portion of the mobile application setup file, wherein the key uniquely identifies the application;
send the key over a network connection to a server application;
receive a response over the network connection from the server application before the application is installed on the mobile device, the response to include a status of the application that indicates whether the application is malicious; and
block the first portion of the mobile application setup file from executing to install the application on the mobile device when the status indicates the application is malicious.
10 Assignments
0 Petitions
Accused Products
Abstract
A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device'"'"'s operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application'"'"'s status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.
52 Citations
20 Claims
-
1. A non-transitory computer readable medium comprising computer executable instructions stored thereon that, when executed, cause a processor to:
-
intercept a request to install an application on a mobile device, the request initiated by a first portion of a mobile application setup file on the mobile device, wherein the mobile application setup file includes a second portion including program code of the application to be installed; generate a key based on at least a portion of the second portion of the mobile application setup file, wherein the key uniquely identifies the application; send the key over a network connection to a server application; receive a response over the network connection from the server application before the application is installed on the mobile device, the response to include a status of the application that indicates whether the application is malicious; and block the first portion of the mobile application setup file from executing to install the application on the mobile device when the status indicates the application is malicious. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 18)
-
-
12. A method, comprising:
-
intercepting, utilizing a processor in a mobile device, a request to install an application on the mobile device, the request initiated by a first portion of a mobile application setup file on the mobile device, wherein the mobile application setup file includes a second portion including program code of the application to be installed; generating, utilizing the processor, a key based on at least a portion of the second portion of the mobile application setup file, wherein the key uniquely identifies the application; sending, utilizing the processor, the key over a network connection to a server application; receiving, utilizing the processor, a response over the network connection from the server application before the application is installed on the mobile device, the response to include a status of the application that indicates whether the application is malicious; and blocking, utilizing the processor, the first portion of the mobile application setup file from executing to install the application when the status indicates that the application is malicious. - View Dependent Claims (13, 14)
-
-
15. A mobile device, comprising:
-
a memory including instructions; a network interface; and a processor operatively coupled to the memory and the network interface, the processor adapted to execute the instructions stored in the memory to; intercept a request to install an application on the mobile device, the request initiated by a first portion of a mobile application setup file on the mobile device, wherein the mobile application setup file includes a second portion including program code of the application to be installed; generate a key based on at least a portion of the second portion of the mobile application setup file, wherein the key uniquely identifies the mobile application; send the key, utilizing the network interface, to a server application; receive a response, utilizing the network interface, from the server application before the application is installed on the mobile device, the response to include a status of the application that indicates whether the application is malicious; and block the first portion of the mobile application setup file from executing to install the mobile application on the mobile device when the status indicates that the mobile application is malicious. - View Dependent Claims (16, 17, 19, 20)
-
Specification