Detecting malware on mobile devices
Abstract
In one example, a mobile device includes a network interface configured to receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application, and a processing unit configured to determine a type for the application and, based on an analysis of the set of application permissions and the type for the application, determine whether the application includes malware.
149 Citations
30 Claims
1. A security method for enforcing policies of an enterprise network comprising:
- operating, by an enterprise administrator, an enterprise management console to manage a policy set of the enterprise network;
- operating, on a data processor of a mobile network device seeking to access services from the enterprise network, a detection module for analyzing a target application of the mobile network device, wherein operation of the detection module comprises;
- determining, by a permission management module, of the detection module, an application type of the target application;
- determining, by the permission management module, a set of application permissions of the target application; and
- determining, by the permission management module, whether at least one of the set of application permissions of the target application is considered one of prohibited and concerning according to the policy set of the enterprise network; and
- performing, by a threat management module, of the detection module, a mitigation action responsive to the permission management module determining that at least one application permission of the target application is one of permitted, concerning and not permitted according to the policy set of the enterprise network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 29, 30
21. A method comprising:
- receiving, by a detection module, operating on a data processor of a network device, a list of expected application permissions for each of a plurality of different application types;
- storing, on a memory module in communication with the data processor of the network device, the list of expected application permissions for each different application type;
- determining, by a permission management module, of the detection module, an application type for each of one or more target applications of the network device;
- extracting by the permissions management module, from each of the one or more target applications, a set of extracted application permissions;
- comparing, by the permissions management module, the set of extracted application permissions with the list of expected application permissions for the application type that is matched with the application type of the target application;
- determining, by the permissions management module, whether one or more of the extracted application permissions is not included in the expected application permissions for the application type that is matched with the application type of the target application; and
- if not, performing, by a threat management module of the detection module, a mitigation action responsive to the permission management module determining that one or more of the extracted application permissions is not included in the expected application permissions for the application type that is matched with the application type of the target application.
Dependent claims: 22, 23, 24, 25, 26, 27, 28
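The comparison recited in claim 21, combined with the policy check of claim 1, can be sketched as follows. This is an added example, not code from the patent or its assignee. It assumes an Android-style manifest that has already been decoded to text; the expected-permission list, the policy set, the "unexpected" verdict and the block/alert/allow actions are all hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

# Assumed data: expected permissions per application type (claim 21) and an
# enterprise policy set marking permissions prohibited or concerning (claim 1).
EXPECTED = {"flashlight": {"android.permission.CAMERA",
                           "android.permission.FLASHLIGHT"}}
POLICY = {"android.permission.SEND_SMS": "prohibited",
          "android.permission.READ_CONTACTS": "concerning"}


def extract_permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    # For manifests from untrusted sources, a hardened parser such as
    # defusedxml is the safer choice; the stdlib parser keeps this offline.
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}


def evaluate(manifest_xml, app_type, expected=EXPECTED, policy=POLICY):
    """Compare extracted permissions with the type baseline and the policy."""
    baseline = expected.get(app_type, set())  # unknown type: nothing expected
    findings = {}
    for perm in sorted(extract_permissions(manifest_xml)):
        if perm in policy:            # an explicit policy verdict wins
            findings[perm] = policy[perm]
        elif perm not in baseline:    # outside the expected list for this type
            findings[perm] = "unexpected"
    verdicts = set(findings.values())
    if "prohibited" in verdicts:
        action = "block"              # hypothetical mitigation actions
    elif verdicts:
        action = "alert"
    else:
        action = "allow"
    return {"action": action, "findings": findings}
```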
Specification