APP REPUTATION SERVICE
The exploding popularity of smartphones and tablets has created a major new threat vector — the mobile application. With the large volume of apps now available, hackers can easily disguise and distribute malicious code to unwitting victims. In fact, apps have become the primary vehicle to distribute mobile malware, and the exponential growth of apps is compounding the problem. As of September 2012, for example, mobile users had downloaded 25 billion apps from the Google Play Store.
While mobile malware still represents only a fraction of the millions of threats targeting PCs, the number of new mobile threats has shown a more aggressive growth trajectory. Nonetheless, individuals and businesses remain largely unaware of the risks of mobile applications. Most mobile malware is delivered via mobile apps cleverly disguised as “good” and distributed through mobile app markets. Unsuspecting individuals install these applications on their mobile devices without doing any research on the application or its developers, opening the door to an attack with precious data as the target. Moreover, with BYOD becoming a reality, this presents a security threat to individuals and businesses alike.
The large volumes of existing apps, a constant stream of new apps, and a growing number of third-party app distribution markets combine to present a significant security challenge. How do you determine which apps are malicious and which apps are safe? Vendors that provide mobile management and security solutions need to ensure their customers are protected from malicious applications, have the ability to filter out unwanted or non-compliant apps and allow access to reputable applications.
Due to increasing threat presented by mobile applications, Webroot has developed the Webroot® App Reputation Service. Utilizing data collected and analyzed by the Webroot Intelligence Network (WIN), the App Reputation Service gives Webroot partners and customers the ability to manage the delivery of mobile applications that are safe and compliant.
How Webroot App Reputation Service Works
Figure 5 presents a process flow showing how the App Reputation Service collects, analyzes and distributes app data to partners and customers.
- Collection. The App Reputation Service collects millions of applications from app markets, third-party sites, app sharing services, strategic partners, and Webroot SecureAnywhere™ Business – Mobile Protection users.
- Analysis. After the applications are fed into the App Reputation Analytics Engine, an automated, multi-staged analysis process collects detailed data on each application.
- Classification and Scoring. Each app is categorized and assigned a score based on algorithms using detailed analysis data. Compared to simply looking at the permissions that the apps request, this approach allows for granular detail on what the app actually does once installed, enabling Webroot to better determine if an app is trustworthy, neutral, malicious, or suspicious.
- Partner API. The Classification and Scoring results allow Webroot partners to analyze apps or analyze app data via a web service API.
- Feedback Loop. Information collected by Webroot partners is then gathered and looped back into the App Reputation analytics engine.
- Using the data and analysis results provided by the Webroot App Reputation Service, MDM vendors, mobile carriers, app developers and application marketplaces can develop solutions that incorporate app reputation to ensure their customers are free from malicious or unwanted mobile apps.
Figure 5: App Reputation Service
App Reputation Service API
Webroot has streamlined the analysis to provide a concise application reputation classification and other information on mobile apps in the database. The information collected is exposed via a RESTful web service API and can be used by MDM or other applications that enable mobile app usage policies. Webroot provides several application lookup mechanisms, including package name and md5. A simple banding classification, ranging from Malicious to Trustworthy, provides an easy-to-implement solution for Webroot partners. This is the main advantage of the App Reputation Solution — either allowing or blocking the mobile apps based on the policy designed to safeguard the interest of business and its users.
Developers using the API have flexibility to set permissions beyond the banding classification and use other data points exposed via the API to determine application policy compliance. For example, an app may be classified as moderate, yet it might have other undesirable characteristics such as GPS location or access to user’s phone contact list.
The Webroot App Reputation service allows MDM vendors, mobile carriers, and application distributors to deliver mobile applications safely to their customers. Built on the Webroot Intelligent Network, it harnesses data and inputs from millions of sources, making it one of the most powerful application reputation services on the market.
The App Reputation Service is simple and easy to integrate. It provides flexibility for MDM providers, mobile carriers and app market providers to decide how to use the mobile app information and adapt it for specific management requirements
With millions of mobile applications available and new apps introduced every day, Webroot partners will have the assurance that their customers are protected from the potential threats hidden in mobile applications and are using only safe apps.
