Detecting malware on mobile devices
First Claim
Patent Images
1. A method comprising:
- receiving, by a mobile device, data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application;
determining, by the mobile device, a type for the application, wherein the type for the application corresponds to a set of expected elements of the mobile device to which applications of that type have access upon installation; and
based on a comparison of the set of application permissions for the application and the set of expected elements of the mobile device to which the type for the application corresponds, determining, by the mobile device, whether the application includes malware.
12 Assignments
0 Petitions
Accused Products
Abstract
In one example, a mobile device includes a network interface configured to receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application, and a processing unit configured to determine a type for the application and, based on an analysis of the set of application permissions and the type for the application, determine whether the application includes malware.
-
Citations
35 Claims
-
1. A method comprising:
-
receiving, by a mobile device, data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application; determining, by the mobile device, a type for the application, wherein the type for the application corresponds to a set of expected elements of the mobile device to which applications of that type have access upon installation; and based on a comparison of the set of application permissions for the application and the set of expected elements of the mobile device to which the type for the application corresponds, determining, by the mobile device, whether the application includes malware. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A mobile device comprising:
-
a network interface configured to receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application, wherein the type for the application corresponds to a set of expected elements of the mobile device to which applications of that type have access upon installation; and a processing unit configured to determine a type for the application and, based on a comparison of the set of application permissions for the application and the set of expected elements of the mobile device to which the type for the application corresponds, determine whether the application includes malware. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A system comprising:
-
a plurality of mobile devices; and a threat management center configured to determine sets of permissions associated with various types of applications and to distribute the determined sets of permissions to the plurality of mobile devices, wherein each of the plurality of mobile devices is configured to receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application, to determine a type for the application, wherein the type for the application corresponds to a set of expected elements of the mobile device to which applications of that type have access upon installation, and, based on a comparison of the set of application permissions for the application and the set of expected elements of the mobile device to which the type for the application corresponds, determine whether the application includes malware. - View Dependent Claims (23, 24, 25, 26, 27)
-
-
28. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause a processor of a mobile device to:
-
receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application; determine a type for the application, wherein the type for the application corresponds to a set of expected elements of the mobile device to which applications of that type have access upon installation; and based on a comparison of the set of application permissions for the application and the set of expected elements of the mobile device to which the type for the application corresponds, determine whether the application includes malware. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
-
Specification