If Your Mobile App Was One Click Away from a Malware Farm, Would You Know?

Nobody (except a bad actor) wants their mobile app to wreak havoc on unsuspecting users, or expose them to glaring flaws in security. By looking inside the app to analyze the software, you can see how it behaves, but what about the domains and networks it links to, or apps that share some of the same code? How safe are they? 

It’s a bit like having kids. You want them to behave responsibly and have a good attitude, so you keep a watchful eye on them and on the company they keep. One acquaintance of dubious reputation may not be an issue, but if you see your offspring hanging out with gangs of known delinquents, it’s probably time to take action.

Application reputation works in a similar way to personal reputation. Establishing the trustworthiness of an app is done by considering different pieces of information about the app. There may be objective data like antivirus results, as well as subjective data like the opinions of others about the reputation of the app, including decisions to blacklist or whitelist it.

The aim of blacklisting is to make a list of known problem software, sites, and networks. For instance, code with known flaws or malicious characteristics may be identified by its code signature and blacklisted. However, cybercriminals increasingly produce code that can be easily mutated, thus altering its signature and allowing an app to shed its poor reputation and start afresh. Alternatively, whitelisting takes the opposite tack: anything that is not on the whitelist is automatically considered a potential menace.

Trying to spot “gangs of delinquents”, like malware farms in the context of mobile apps, can still be a challenge. Even if security test results show the instances of associated apps or sites with poor reputations, groups of such apps may be difficult to identify from simple text format output. Likewise, if your app is rated overall as being too much of a threat to be used or released, it may not be easy to understand where the problem is or how to fix it.
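As an added illustration (not part of the original article and not AppVisualizer's code), the Python below takes flat relationship records of the kind described above, groups the poor-reputation nodes into connected clusters, and reports the clusters an app links to directly. All node names, reputation labels and the `min_size` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: relationships a scan might list as flat text output.
EDGES = [
    ("app:my-app", "domain:cdn.example"),
    ("app:my-app", "domain:ads.example"),
    ("app:my-app", "domain:stats.example"),
    ("domain:ads.example", "net:198.51.100.0/24"),
    ("net:198.51.100.0/24", "app:free-torch"),
    ("net:198.51.100.0/24", "app:fast-cleaner"),
    ("domain:stats.example", "app:weather-now"),
]
REPUTATION = {  # constructed labels; anything missing counts as unknown
    "domain:ads.example": "bad", "net:198.51.100.0/24": "bad",
    "app:free-torch": "bad", "app:fast-cleaner": "bad",
    "domain:stats.example": "bad", "domain:cdn.example": "good",
    "app:weather-now": "good",
}

def build_graph(edges):
    # Undirected adjacency map: a link counts in both directions.
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph

def bad_clusters(graph, reputation):
    """Connected components made up only of bad-reputation nodes."""
    seen, clusters = set(), []
    for start in sorted(graph):
        if reputation.get(start) != "bad" or start in seen:
            continue
        cluster, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in cluster:
                continue
            cluster.add(node)
            stack.extend(n for n in graph[node] if reputation.get(n) == "bad")
        seen |= cluster
        clusters.append(cluster)
    return clusters

def farms_one_hop_away(app, graph, reputation, min_size=3):
    """Bad clusters of at least min_size nodes that the app links to directly."""
    return [sorted(c) for c in bad_clusters(graph, reputation)
            if len(c) >= min_size and c & graph[app]]
```

With the sample data, the single bad domain `domain:stats.example` is ignored at the default threshold, while the four-node cluster reached through `domain:ads.example` is reported.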

Human beings typically need another kind of presentation of the situation. Just as graphics in a spreadsheet or in a data analytics dashboard can be worth a thousand words, app reputations can become more obvious and meaningful with the right visual presentation and direct drill-down capabilities. Smart interface design can make that malware farm a click away from your app obvious to almost any user.

App reputations can also change as apps become better known, whether by inspiring confidence through new endorsements or, on the contrary, by demonstrating the damage they can do. Reputational analysis should therefore be rapid as well as effective, making it easy to keep up to date with new versions and releases of software. For example, performing reputational analysis of iOS and Android apps should be done in minutes, rather than in days.

Mi3 Security’s AppVisualizer does all the above, offering a full picture in real time of the behavior and relationships of apps, domains, and networks, with clear color coding of good or bad relationships. Features include visual rendering not only of the reputation of an app and its neighbors, but also of the developer, showing other apps developed by that person or organization. AppVisualizer also offers high (99%) levels of efficacy, and the scalability to handle workloads of any size, thanks to a robust cloud deployment.