Mobile App Analysis and the Need for Speed

“I feel the need for speed” exclaims Lieutenant Pete “Maverick” Mitchell.

Maverick utters this iconic phrase before climbing into his jet fighter, losing his copilot, defeating the enemy, and winning (back) the girl of his dreams. Ah, Hollywood and its romantic endings! But what about real life – For instance, will speed in mobile app analysis have enterprises living happily after?

Before we answer that question, we should recognize that in any case, speed in the analysis of mobile apps to uncover possible security threats is essential for at least two reasons. First, there is a lot of malware and vulnerability to check. Second, an enterprise may need to check thousands of mobile apps, between the ones it develops itself and the others downloaded from app stores by its employees. It’s less of a duel between jet fighters, and more of a fight against a plague of hungry locusts. And it only takes one “locust bite” to compromise the security of the enterprise.

Traditional security checking simply cannot handle the onslaught. Even if enterprises had access to the source code of the mobile apps to be checked (impossible in many cases), expert analysis using such an approach may take weeks. During that time, the IT department is releasing new versions of apps for the enterprise, possibly based on third party code, while employees are downloading apps to do almost anything you care to think of – and onto mobile devices they may be using both at home and at work.

The potential for a data breach is growing every day. Speed of mobile app analysis is critical and can only be achieved through smart binary analysis, which incidentally neatly avoids the issue of access to source code. In the case of Mi3 Security’s AppInterrogator, binary analysis scores both in rapidity of analysis of individual mobile apps, whatever their origin, and in timely and systematic volume analysis of apps by integrating with enterprise mobile management (EMM) platforms.

Yet speed of analysis is not the only factor. Speed of decision-making is also fundamental to enterprise security. Businesses need information to decide instantly and accurately whether an app can be accepted or if it should be rejected as being too much of a security risk. “Maverick” Mitchell may have to take a split-second decision now and again, but while one of his aerial dogfights is in progress, AppInterrogator may be taking one split-second decision after another, determining whether each individual app is “In or Out”.

Today, battles are shifting from land, sea, and air space, to cyberspace. Enterprises and organizations need rapid, effective protection to pin-point the privacy and security risks for every app deployed in an organization, with vetting and policy enforcement to mitigate app risks before they threaten business, staff, customers, or partners.

When this is true, then there is a happy ending – or rather a happy continuation, as enterprises go about their daily activities, safe in the knowledge that Mi3 Security binary analysis is their reliable, high-performance wingman to keep them out of mobile app trouble.