Detection and prevention of installation of malicious mobile applications
First Claim
1. At least one non-transitory computer readable medium comprising computer executable instructions stored thereon that, when executed, cause at least one processor to:
- receive an application identifier from a mobile device over a network connection, the application identifier comprising a key uniquely identifying an application for which a call to an installation operation has been intercepted on the mobile device, wherein the key is a hash computed from at least a portion of a mobile application setup file associated with the application;
utilize at least a portion of the application identifier to determine a status of the application from a database of records including statuses of a plurality of analyzed applications, wherein the application identifier comprises metadata associated with the application; and
send the status of the application and one or more properties of the application to the mobile device over the network connection, wherein the one or more properties indicate functionality of the application to be enabled when the application is installed on the mobile device.
9 Assignments
0 Petitions
Accused Products
Abstract
A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device'"'"'s operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application'"'"'s status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.
65 Citations
18 Claims
-
1. At least one non-transitory computer readable medium comprising computer executable instructions stored thereon that, when executed, cause at least one processor to:
-
receive an application identifier from a mobile device over a network connection, the application identifier comprising a key uniquely identifying an application for which a call to an installation operation has been intercepted on the mobile device, wherein the key is a hash computed from at least a portion of a mobile application setup file associated with the application; utilize at least a portion of the application identifier to determine a status of the application from a database of records including statuses of a plurality of analyzed applications, wherein the application identifier comprises metadata associated with the application; and send the status of the application and one or more properties of the application to the mobile device over the network connection, wherein the one or more properties indicate functionality of the application to be enabled when the application is installed on the mobile device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus, the apparatus comprising:
-
at least one hardware processor; and a server application coupled to the at least one hardware processor and when running on the at least one hardware processor, the server application is to; receive an application identifier from a mobile device over a network connection, the application identifier comprising a key uniquely identifying an application for which a call to an installation operation has been intercepted on the mobile device, wherein the key is a hash computed from at least a portion of a mobile application setup file associated with the application; utilize at least a portion of the application identifier to determine a status of the application from a database of records including statuses of a plurality of analyzed applications, wherein the application identifier comprises metadata associated with the application; and send the status of the application and one or more properties of the application to the mobile device over the network connection, wherein the one or more properties indicate a functionality of the application to be enabled when the application is installed on the mobile device. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method, comprising:
-
receiving, at a server application utilizing at least one hardware processor, an application identifier from a mobile device over a network connection, the application identifier comprising a key uniquely identifying an application for which a call to an installation operation has been intercepted on the mobile device, wherein the key is a hash computed from at least a portion of a mobile application setup file associated with the application; utilizing at least a portion of the application identifier to determine a status the application from a database of records including statuses of a plurality of analyzed applications, wherein the application identifier comprises metadata associated with the application; and sending the status of the application and one or more properties of the application to the mobile device over the network connection, wherein the one or more properties indicate a functionality of the application to be enabled when the application is installed on the mobile device. - View Dependent Claims (16, 17, 18)
-
Specification