Comparing applications and assessing differences

US 9,563,749 B2
Filed: 04/21/2015
Issued: 02/07/2017
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method for identifying counterfeit mobile application programs comprising:

measuring, at a server, a degree of similarity, the measuring including comparing first metadata describing a first mobile application program and second metadata describing a second mobile application program; and

,when the degree of similarity is within a threshold degree of similarity;

comparing the first mobile application program with the second mobile application program to identify differences between the first and second mobile application programs,identifying at least one difference between the first and second mobile application programs, andbased on the identified at least one difference, and the degree of similarity being within the threshold degree of similarity, determining that one of the first or second mobile application programs is a counterfeit of the other first or second mobile application programs, wherein the determining that one of the first or second mobile application programs is a counterfeit comprises determining that the first mobile application program is the counterfeit of the second mobile application program based on the at least one identified difference being a price of the first mobile application program is less than a price of the second mobile application program.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An analysis including a comparison is performed of first and second applications and a determination is made regarding whether the first is a counterfeit version of the second application, or vice-versa. Based on the analysis and comparison, and based on an assessment of the first application, an assessment of the second application may be generated.

158 Citations

20 Claims

1. A method for identifying counterfeit mobile application programs comprising:
- measuring, at a server, a degree of similarity, the measuring including comparing first metadata describing a first mobile application program and second metadata describing a second mobile application program; and
  
  ,when the degree of similarity is within a threshold degree of similarity;
  
  comparing the first mobile application program with the second mobile application program to identify differences between the first and second mobile application programs,identifying at least one difference between the first and second mobile application programs, andbased on the identified at least one difference, and the degree of similarity being within the threshold degree of similarity, determining that one of the first or second mobile application programs is a counterfeit of the other first or second mobile application programs, wherein the determining that one of the first or second mobile application programs is a counterfeit comprises determining that the first mobile application program is the counterfeit of the second mobile application program based on the at least one identified difference being a price of the first mobile application program is less than a price of the second mobile application program.

2. A method for identifying counterfeit mobile application programs comprising:
- measuring, at a server, a degree of similarity, the measuring including comparing first metadata describing a first mobile application program and second metadata describing a second mobile application program; and
  
  ,when the degree of similarity is within a threshold degree of similarity;
  
  comparing the first mobile application program with the second mobile application program to identify differences between the first and second mobile application programs,identifying at least one difference between the first and second mobile application programs, andbased on the identified at least one difference, and the degree of similarity being within the threshold degree of similarity, determining that one of the first or second mobile application programs is a counterfeit of the other first or second mobile application programs, wherein the first mobile application program is from a first source of mobile application programs, the second mobile application program is from a second source of mobile application programs, different from the first source, and the method further comprises;
  
  designating one of the first or second sources as being an official source for mobile application programs;
  
  when the one official source for mobile application programs is the first source, determining that the second mobile application program is the counterfeit of the first application program; and
  
  when the one official source for mobile application programs is the second source, determining that the first mobile application program is the counterfeit of the second mobile application program.
- View Dependent Claims (3, 4)
- - 3. The method of claim 2 wherein the first metadata includes a description of the first mobile application program, and the second metadata includes a description of the second mobile application program.
  - 4. The method of claim 2 wherein the step of measuring, at a server, a degree of similarity comprises at least one of:
    - comparing a title of the first mobile application program with a title of the second mobile application program,comparing a description of the first mobile application program with a description of the second mobile application program, orcomparing an application icon of the first mobile application program with an application icon of the second mobile application program.

5. A method for identifying counterfeit mobile application programs comprising:
- measuring, at a server, a degree of similarity, the measuring including comparing first metadata describing a first mobile application program and second metadata describing a second mobile application program, the measuring further including detecting code similarity between the first mobile application program and the second mobile application program; and
  
  when the degree of similarity is within a threshold degree of similarity;
  
  comparing the first mobile application program with the second mobile application program to identify differences between the first and second mobile application programs,identifying at least one difference between the first and second mobile application programs, andbased on the identified at least one difference, and the degree of similarity being within the threshold degree of similarity, determining that one of the first or second mobile application programs is a counterfeit of the other first or second mobile application.
- View Dependent Claims (6, 8, 10)
- - 6. The method of claim 5, the measuring, at a server, a degree of similarity further including comparing an application resource of the first mobile application program with an application resource of the second mobile application program, wherein an application resource comprises at least one of images, text, or sound.
  - 8. The method of claim 5, wherein the identified at least one difference comprises one of the first or second mobile application programs having malware, and the other of the first or second mobile application programs not having malware, andwherein the one of the first or second mobile application programs having malware is the counterfeit mobile application program.
  - 10. The method of claim 5, wherein the first and second mobile application programs are from a same source of mobile application programs.

7. A method for identifying counterfeit mobile application programs comprising:
- measuring, at a server, a degree of similarity, the measuring including comparing first metadata describing a first mobile application program and second metadata describing a second mobile application program; and
  
  ,when the degree of similarity is within a threshold degree of similarity;
  
  comparing the first mobile application program with the second mobile application program to identify differences between the first and second mobile application programs,identifying at least one difference between the first and second mobile application programs, andbased on the identified at least one difference, and the degree of similarity being within the threshold degree of similarity, determining that one of the first or second mobile application programs is a counterfeit of the other first or second mobile application programs, wherein the identified at least one difference comprises the first and second mobile application programs having different package names, the first and second mobile application programs having been signed with different code-signing certificates, the first and second mobile application programs having different requested permissions, the first and second mobile application programs having different digital rights management (DRM) protection, the first and second mobile application programs having different publisher names, the first and second mobile application programs having different account identifiers issued by an ad network, or the first and second mobile application programs having different behavior.

9. A method for identifying counterfeit mobile application programs comprising:
- measuring, at a server, a degree of similarity, the measuring including comparing first metadata describing a first mobile application program and second metadata describing a second mobile application program; and
  
  ,when the degree of similarity is within a threshold degree of similarity;
  
  comparing the first mobile application program with the second mobile application program to identify differences between the first and second mobile application programs,identifying at least one difference between the first and second mobile application programs, andbased on the identified at least one difference, and the degree of similarity being within the threshold degree of similarity, determining that one of the first or second mobile application programs is a counterfeit of the other first or second mobile application programs, wherein the step of comparing the first mobile application program with the second mobile application program to identify differences between the first and second mobile application programs comprises at least one of;
  
  comparing an application binary of the first mobile application program with an application binary of the second mobile application program, orcomparing data extracted from the application binary of the first mobile application program with data extracted from the application binary of the second mobile application program.

11. A method comprising:
- downloading, over a network by a server, a first mobile application program from a first source of mobile application programs;
  
  downloading, over the network by the server, a second mobile application program from a second source of mobile application programs, different from the first source;
  
  analyzing, at the server, the first mobile application program;
  
  generating a first assessment of the first mobile application program;
  
  correlating the second mobile application program with the first mobile application program using a correlation criterion; and
  
  based on the first assessment of the first mobile application program and the correlation of the second mobile application program with the first mobile application program, generating a second assessment of the second mobile application program.
- View Dependent Claims (12)
- - 12. The method of claim 11 wherein the correlation criterion comprises a bit sequence, a string value, a media asset, computer code, a package name, a fingerprint of a code signing certificate, a developer name, a developer account, an application icon, an application image, an application title, or extracted statistical properties.

13. A method comprising:
- analyzing, at a server, a first mobile application program;
  
  generating a first assessment of the first mobile application program;
  
  correlating a second mobile application program with the first mobile application program using a correlation criterion and using a code similarity algorithm; and
  
  based on the first assessment of the first mobile application program and the correlation of the second mobile application program with the first mobile application program, generating a second assessment of the second mobile application program.
- View Dependent Claims (14, 15, 17, 18)
- - 14. The method of claim 13 wherein, when the first assessment includes a determination that the first mobile application program is malicious the second assessment includes a determination that the second mobile application program is malicious.
  - 15. The method of claim 13 wherein the second assessment comprises a determination that the second mobile application program is the same as the first mobile application program.
  - 17. The method of claim 13 wherein the second assessment comprises a determination that the second mobile application program is an upgraded version of the first mobile application program.
  - 18. The method of claim 13 wherein the second assessment comprises a determination that the second mobile application program is a pirated version of the first mobile application program.

16. A method comprising:
- analyzing, at a server, a first mobile application program;
  
  generating a first assessment of the first mobile application program;
  
  correlating a second mobile application program with the first mobile application program using a correlation criterion; and
  
  based on the first assessment of the first mobile application program and the correlation of the second mobile application program with the first mobile application program, generating a second assessment of the second mobile application program, wherein the step of generating a second assessment comprises;
  
  comparing application code of the first and second mobile application programs; and
  
  comparing digital rights management (DRM) protection of the first and second mobile application programs, wherein the second assessment includes a determination that the application code of the first and second mobile application programs is the same, and a determination that the DRM protection of the first and second mobile application programs is different.

19. A method comprising:
- analyzing, at a server, a first mobile application program;
  
  generating a first assessment of the first mobile application program;
  
  correlating a second mobile application program with the first mobile application program using a correlation criterion; and
  
  based on the first assessment of the first mobile application program and the correlation of the second mobile application program with the first mobile application program, generating a second assessment of the second mobile application program, wherein the second assessment comprises a determination that a third party has repackaged the first application program with tampered contents into the second mobile application program.

20. A method comprising:
- analyzing, at a server, a first mobile application program;
  
  generating a first assessment of the first mobile application program;
  
  correlating a second mobile application program with the first mobile application program using a correlation criterion; and
  
  based on the first assessment of the first mobile application program and the correlation of the second mobile application program with the first mobile application program, generating a second assessment of the second mobile application program, wherein the second assessment comprises a determination that the second mobile application program is produced by the same author as the first mobile application program, and the first assessment comprises a determination that the first mobile application program is malicious.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Wyatt, Timothy Micheal, Strazzere, Tim, Mahaffey, Kevin Patrick, Swami, Yogesh
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US14/692,669
Publication Number

US 20150302182A1
Time in Patent Office

658 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/3409   for performance assessment

G06F 11/3452   Performance evaluation by s...

G06F 21/10   Protecting distributed prog...

G06F 21/562   Static detection

G06F 21/564   by virus signature recognition

G06F 2201/81   Threshold

G06F 2201/865   Monitoring of software

G06F 2201/88   Monitoring involving counting

G06F 2213/0038   System on Chip

G06Q 30/0185   Product, service or busines...

Comparing applications and assessing differences

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Comparing applications and assessing differences

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links