Detection and prevention of installation of malicious mobile applications

摘要

A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device's operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application's status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.

主权项

1. A non-transitory computer readable medium comprising computer executable instructions stored thereon that, when executed, cause a processor to:
intercept a request to install an application on a mobile device, the request initiated by a first portion of a mobile application setup file on the mobile device, wherein the mobile application setup file includes a second portion including program code of the application to be installed; generate a key based on at least a portion of the second portion of the mobile application setup file, wherein the key uniquely identifies the application; send the key over a network connection to a server application; receive a response over the network connection from the server application before the application is installed on the mobile device, the response to include a status of the application that indicates whether the application is malicious; and block the first portion of the mobile application setup file from executing to install the application on the mobile device when the status indicates the application is malicious.