Component analysis of software applications on computing devices
Abstract
Detection, identification, and control of application behavior dealing with malware, security risks, data privacy, or resource usage can be difficult in an era of complex, composite software applications composed of multiple components. Software applications are analyzed to determine their components and to identify the behaviors associated with each of the components. Components can also be analyzed with respect to similarity of previously known components. Behaviors can include use of personal identifying information or device information, or any actions that can be taken by applications on the device, including user interface displays, notifications, network communications, and file reading or writing actions. Policies to control or restrict the behavior of applications and their components may be defined and applied. In one embodiment this can include the identification of advertising networks and defining policies to permit various opt-out actions for these advertising networks.
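As an added illustration (not code from the patent or its assignee), the pre-install check the abstract describes can be sketched as follows. The class-name hash used as the structural characteristic, the package prefixes, and the behavior labels are all assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass, field

def structural_fingerprint(class_names):
    """Assumed structural characteristic: hash of the component's sorted class names."""
    return hashlib.sha256("\n".join(sorted(class_names)).encode()).hexdigest()

@dataclass
class KnownComponent:
    name: str
    behaviors: frozenset   # behaviors reported for this component in other apps
    fingerprint: str       # structural characteristic of the known copy

@dataclass
class Verdict:
    install_allowed: bool = True
    blocked_by: list = field(default_factory=list)
    notifications: list = field(default_factory=list)

def evaluate(app_components, repository, permitted):
    """app_components maps package prefix -> (class_names, observed_behaviors)."""
    verdict = Verdict()
    for prefix, (classes, observed) in sorted(app_components.items()):
        behaviors = set(observed)
        known = repository.get(prefix)
        if known:
            # Behaviors seen for the same component elsewhere count against this app too.
            behaviors |= known.behaviors
            # Structural drift alone produces a notification, not a block.
            if structural_fingerprint(classes) != known.fingerprint:
                verdict.notifications.append(f"{known.name}: structure differs from known copy")
        disallowed = behaviors - permitted
        if disallowed:
            verdict.install_allowed = False
            verdict.blocked_by.append((prefix, sorted(disallowed)))
    return verdict

# Constructed sample data (hypothetical component names and behavior labels).
REPO = {"com.example.adsdk": KnownComponent(
    "ExampleAds", frozenset({"network", "read_location"}),
    structural_fingerprint(["AdView", "Tracker"]))}
POLICY = {"network", "ui_display", "file_read"}
APP = {
    "com.example.adsdk": (["AdView", "Tracker", "Uploader"], {"network"}),
    "com.example.game": (["Main", "Renderer"], {"ui_display", "file_read"}),
}
RESULT = evaluate(APP, REPO, POLICY)

if __name__ == "__main__":
    print(RESULT)
```

The ad component is blocked for `read_location` even though that behavior was not observed in this app, because the repository records it for the known component; the extra class separately triggers the structural-difference notification.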
25 Claims
1. A non-transitory computer-readable storage medium storing computer-readable instructions, which when executed, cause a computing system to:
receive, by a first computing device, communications from a plurality of computing devices, the communications relating to at least one application being installed on the plurality of computing devices;
in response to receiving the communications, store, by a data repository, component data including at least one known behavioral characteristic for a component of the at least one application, and further including at least one known structural characteristic for the component of the at least one application;
for a first application to be installed on a second computing device, determine first components of the first application, wherein the first components are packaged within the first application at the time of installation;
identify, via at least one processor, at least one behavior associated with each of the first components;
prior to installing the first application on the second computing device, make a comparison of permissible behaviors for the first components with identified behaviors associated with the first components, the comparison comprising accessing the component data in the data repository, and the comparison further comprising comparing the at least one known structural characteristic to at least one structural characteristic of a component in the first application;
in response to identifying a disallowed behavior from the comparison, block installation of the first application on the second computing device; and
generate a notification when the at least one structural characteristic is determined to differ from the at least one known structural characteristic.
10. A system, comprising:
a data repository storing component data for known components, the component data including a known behavioral characteristic for a first known component, and the component data further including known structural characteristics;
at least one processor; and
memory storing instructions configured to instruct the at least one processor to:
analyze a first application to determine components of the first application including a new component, the first application to be installed on a first computing device, and the new component corresponding to a behavior when executed on a computing device;
perform a comparison of the new component to the component data, the performing comprising comparing the behavior of the new component to the known behavioral characteristic, and the performing further comprising comparing the known structural characteristics to identified characteristics of the new component;
prior to installing the first application on the first computing device, make a determination based on the comparison that the new component corresponds to the first known component; and
generate a notification when the identified characteristics are determined to differ from the known structural characteristics.
18. A method, comprising:
storing, in memory, component data for known components, the component data including a known behavioral characteristic for a first known component, the component data further including behavioral data including a set of behaviors, the set of behaviors comprising determining a location of a computing device;
analyze a first application to determine components of the first application including a new component, the first application to be installed on a first computing device, and the new component corresponding to a behavior when executed in a second application on a second computing device, wherein each of a plurality of different applications includes the new component, and the new component corresponds to the set of behaviors when executed on a computing device;
perform, via at least one processor, a comparison of the new component to the component data, the performing comprising comparing the behavior of the new component on the second computing device to the known behavioral characteristic; and
prior to installing the first application on the first computing device, make a determination based on the comparison that the new component corresponds to the first known component, the determination based in part on a context of operation of the new component, the context comprising an accessing of location information.
24. A method, comprising:
storing, in memory, a first application comprising computer-readable instructions, which when executed, cause a mobile device to:
analyze a second application to determine components of the second application including a new component, the new component corresponding to a behavior when executed on a computing device other than the mobile device;
perform a comparison of the new component to component data for known components, the component data including a known behavioral characteristic for a first known component, and further including at least one known structural characteristic, and the performing comprising comparing the behavior of the new component to the known behavioral characteristic, and the performing further comprising comparing the at least one known structural characteristic to at least one identified characteristic of the new component;
make a determination based on the comparison that the new component corresponds to the first known component;
in response to identifying a disallowed behavior from the comparison, alert the mobile device that the second application contains the disallowed behavior; and
generate a notification when the at least one identified characteristic is determined to differ from the at least one known structural characteristic;
sending, via at least one processor, over a communication network, the first application for storage in a data processing system for subsequent installation from the data processing system onto the mobile device.
25. A system, comprising:
at least one processor; and
memory storing a first application, which when executed on a mobile device, causes the mobile device to:
analyze a second application to determine components of the second application including a new component, the new component corresponding to a behavior when executed on a computing device other than the mobile device;
perform a comparison of the new component to component data for known components, the component data including a known behavioral characteristic for a first known component, and further including at least one known structural characteristic, and the performing comprising comparing the behavior of the new component to the known behavioral characteristic, and the performing further comprising comparing the at least one known structural characteristic to at least one identified characteristic of the new component;
make a determination based on the comparison that the new component corresponds to the first known component;
in response to identifying a disallowed behavior from the comparison, alert the mobile device that the second application contains the disallowed behavior; and
generate a notification when the at least one identified characteristic is determined to differ from the at least one known structural characteristic;
memory further storing instructions configured to instruct the at least one processor to send the first application to a data processing system so that the first application can be later installed, over a communication network, on the mobile device from the data processing system.
Specification