Detecting malware on mobile devices
First Claim
1. A method comprising:
- receiving, by a security module operating on a network device, from an application source, data for an application including a first set of application permissions describing elements of the network device to which the application will have access upon installation of the application;
- determining, by the network device, a type for the application;
- storing, by the network device, the received data for the application in a region of a storage medium of the network device;
- receiving, by the network device, from a management console, a second set of permissions including at least one of allowable permissions representing permissions allowed for the type for the application or disallowable permissions representing permissions that are not allowed for the type for the application;
- based on a comparison of the first set of application permissions and the second set of permissions, by the network device, allowing the application to execute or preventing the application from executing.
Abstract
In one example, a mobile device includes a network interface configured to receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application, and a processing unit configured to determine a type for the application and, based on an analysis of the set of application permissions and the type for the application, determine whether the application includes malware.
Claims (17)
1. A method comprising: the independent method claim reproduced in full under First Claim above. View dependent claims: 2, 3, 4, 5, 6.

7. A network device comprising:
- a storage medium comprising a region for storing data for applications;
- a network interface configured to receive data for an application, from an application source, including a first set of application permissions describing elements of the network device to which the application will have access upon installation of the application and a second set of permissions, from a management console, including at least one of allowable permissions representing permissions allowed for the application or disallowable permissions representing permissions that are not allowed for the application; and
- a processing unit configured to store the received data for the application in the region of the storage medium, and, based on a comparison of the first set of application permissions and the second set of permissions, allow the application to execute or prevent the application from executing.
View dependent claims: 8, 9, 10, 11, 12.

13. An enterprise network threat management system comprising:
- a plurality of network devices configured to communicate via a broadband network, each of the network devices comprising a security management module, wherein each of the plurality of network devices is configured to receive, from an application source, data for an application including a set of application permissions describing elements of the network device to which the application will have access upon installation of the application on the network device, and wherein the network device is further configured to determine, from the application data, an application type; and
- a management console configured to communicate via the broadband network, the management console including data representing a set of normal application permissions for each of a plurality of different application types, wherein the security management modules of the network devices are configured to receive, from the management console, the set of normal application permissions for each of the plurality of different application types, and store the set of application permissions for each of the plurality of different application types on the corresponding network device, and wherein after receiving the data for the application from the application source, the security management module is configured to compare the normal application permissions for the application type stored on the network device with the set of application permissions included in the application data received from the application source and, based on the comparison, allow the application to execute or prevent the application from executing.
View dependent claims: 14, 15, 16, 17.
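The claims above describe one procedure: classify the incoming application, hold its data in a storage region, fetch the per-type allowable/disallowable permission sets from a management console, and allow or block execution based on a comparison. The following Python is an added illustration of that comparison logic written for this page; it is not code from the patent or its assignee. The application categories, permission names, and the `CONSOLE_POLICY` table are constructed sample values standing in for whatever a real management console would push.

```python
"""Permission-policy gate modelled on the claims above (constructed example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class AppData:
    """Data received from an application source: name, declared store
    category, and the first set of permissions the app will hold once installed."""
    name: str
    category: str
    permissions: FrozenSet[str]


@dataclass(frozen=True)
class TypePolicy:
    """Second set of permissions from the management console for one app type.
    Either set may be empty; an empty 'allowed' set means 'no allow-list'."""
    allowed: FrozenSet[str] = frozenset()
    disallowed: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Decision:
    allow: bool
    app_type: str
    reasons: Tuple[str, ...]  # one entry per offending permission


# Hypothetical policy as a management console might push it (sample values).
# The "unknown" entry is the fallback for apps whose type cannot be determined.
CONSOLE_POLICY: Dict[str, TypePolicy] = {
    "flashlight": TypePolicy(allowed=frozenset({"CAMERA", "FLASHLIGHT"})),
    "game": TypePolicy(
        allowed=frozenset({"INTERNET", "VIBRATE", "ACCESS_NETWORK_STATE"}),
        disallowed=frozenset({"SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS"}),
    ),
    "messaging": TypePolicy(disallowed=frozenset({"WRITE_SETTINGS"})),
    "unknown": TypePolicy(
        disallowed=frozenset({"SEND_SMS", "READ_CONTACTS", "ACCESS_FINE_LOCATION"})
    ),
}

# Constructed mapping from the store category in the app data to a policy type.
CATEGORY_TO_TYPE = {
    "tools/flashlight": "flashlight",
    "games": "game",
    "communication": "messaging",
}


def determine_type(app: AppData) -> str:
    """Step 2 of the method: derive an application type from the received data."""
    return CATEGORY_TO_TYPE.get(app.category.lower(), "unknown")


def evaluate(app: AppData, policy: Dict[str, TypePolicy]) -> Decision:
    """Compare the app's declared permissions with the console policy for its type.

    A permission is rejected if it is explicitly disallowed for the type, or if
    the type has an allow-list and the permission is not on it. Any rejection
    blocks execution; the reasons list is kept for operator review."""
    app_type = determine_type(app)
    rule = policy.get(app_type, policy["unknown"])
    reasons = []
    for perm in sorted(app.permissions):
        if perm in rule.disallowed:
            reasons.append(f"{perm} is disallowed for type '{app_type}'")
        elif rule.allowed and perm not in rule.allowed:
            reasons.append(f"{perm} is outside the allowed set for type '{app_type}'")
    return Decision(allow=not reasons, app_type=app_type, reasons=tuple(reasons))


class DeviceStore:
    """Storage region on the device: received app data is held here until a
    decision is made; blocked apps stay quarantined rather than being installed."""

    def __init__(self) -> None:
        self.installed: Dict[str, AppData] = {}
        self.quarantine: Dict[str, AppData] = {}

    def receive_and_gate(self, app: AppData, policy: Dict[str, TypePolicy]) -> Decision:
        self.quarantine[app.name] = app          # step 3: store received data
        decision = evaluate(app, policy)         # step 5: compare permission sets
        if decision.allow:
            self.installed[app.name] = self.quarantine.pop(app.name)
        return decision


if __name__ == "__main__":
    store = DeviceStore()
    sample = AppData("TorchLite", "tools/flashlight", frozenset({"CAMERA", "SEND_SMS"}))
    d = store.receive_and_gate(sample, CONSOLE_POLICY)
    print(d.allow, d.reasons)
```

The allow-list branch implements the "allowable permissions" half of the claim and the deny-list branch the "disallowable permissions" half; a type entry may carry either or both, as the claim's "at least one of" wording permits. Keeping blocked applications in the quarantine region rather than deleting them gives an administrator the material needed to tune the console policy when a legitimate app is refused.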
Specification