Systems and methods for application security analysis
Abstract
Systems and methods for analyzing applications for risk are provided. In the example method, the applications reside on a mobile device that is configurable to access an enterprise system. The example method includes evaluating each of a plurality of applications variously for privacy, data leakage, and malicious behavior. The example method also includes calculating a risk score for each of the plurality of applications based on the evaluating; and automatically remediating (e.g., quarantining) the applications, of the plurality of applications, for which the risk score meets or exceeds a risk score threshold. The method may evaluate all of the applications residing on a mobile device. The method may include grouping application behaviors, for each of the applications, that indicate an increased risk into groups comprising various combinations of a privacy risk, a data leakage risk, an account takeover risk, a device takeover risk, and a malware risk.
25 Claims
1. A method, comprising:
- evaluating each of a plurality of applications for each of privacy behavior, data leakage behavior, account takeover behavior, device takeover behavior, and malicious behavior, the plurality of applications residing on a mobile device, the mobile device being configurable to access an enterprise system, the evaluating comprising;
  - performing a static analysis of each of the plurality of applications for each of the privacy behavior, data leakage behavior, account takeover behavior, device takeover behavior, and malicious behavior;
  - performing a dynamic analysis of each of the plurality of applications for each of the privacy behavior, data leakage behavior, account takeover behavior, device takeover behavior, and malicious behavior; and
  - performing a behavior analysis of each of the plurality of applications for each of the privacy behavior, data leakage behavior, account takeover behavior, device takeover behavior, and malicious behavior;
- based on the static analysis, dynamic analysis, and behavior analysis, calculating a score for each of the plurality of applications;
- determining whether each of the plurality of applications meets or exceeds a score threshold; and
- automatically remediating each of the applications, of the plurality of applications, for which the score meets or exceeds the score threshold.
24. A mobile device management system, comprising:
- one or more enterprise devices that provide enterprise services; and
- an application analysis system, comprising a processor that executes instructions stored in memory to;
  - detect mobile devices attempting to access the enterprise services; and
  - conduct an analysis of a plurality of applications residing on the mobile devices, the mobile device being configurable to access an enterprise system, the analysis comprising;
    - comparing the plurality of applications to a whitelist and blacklist;
    - for each of the plurality of applications not on the whitelist or blacklist, evaluating each of the plurality of applications for each of privacy behavior, data leakage behavior, account takeover behavior, device takeover behavior, and malicious behavior, the evaluating comprising performing a static, dynamic, and behavior analysis of each of the plurality of applications for each of the privacy behavior, data leakage behavior, account takeover behavior, device takeover behavior, and malicious behavior;
    - calculating a score for each of the plurality of applications based on application behaviors; and
    - automatically remediating respective applications of the plurality of applications if the score calculated for the respective applications meets or exceeds a score threshold.
25. A non-transitory computer-readable storage medium having embodied thereon instructions, which, when executed by at least one processor, perform steps of a method, the method comprising:
- evaluating each of a plurality of applications for each of (i) privacy behavior, (ii) data leakage behavior, (iii) malicious behavior, (iv) account takeover behavior, and (v) device takeover behavior, the plurality of applications residing on a mobile device, the mobile device being configurable to access an enterprise system, the evaluating comprising performing a static, dynamic, and behavior analysis of each of the plurality of applications for each of the (i) privacy behavior, (ii) data leakage behavior, (iii) malicious behavior, (iv) account takeover behavior, and (v) device takeover behavior;
- calculating a score for each of the plurality of applications based on the evaluating;
- determining whether each of the plurality of applications meets or exceeds a score threshold; and
- automatically remediating each of the applications, of the plurality of applications, for which the score meets or exceeds the score threshold.
Specification