Our cloud-based Behavioral Analysis is designed to inspect mobile applications for risky or malicious behaviors—like accessing contact information, reading data from SIM cards and transmitting data to suspicious geo-locations.
Static Code Inspection
The executable code is inspected statically to identify risky capabilities such as access to sensitive data, contact lists, location, browser history, system logs and SIM card identity information; monitoring and recording of phone calls; and device permissions that are native to the operating system API or custom-defined by developers. For example, CA Veracode research has revealed 67 percent of top mobile apps can access, add or edit address book contacts.
Dynamic Behavioral Analysis
The application is executed in a sandbox and instrumented to produce behavioral information such as GeoIP maps identifying data exfiltration; inbound and outbound IP addresses and domains; the data sent and received by the app during operation; and the files created, changed or deleted by the app during operation. Our research has shown that the top mobile apps send data to unknown entities located throughout the world.
Actionable Malware Rating
The malware rating indicates how likely it is that the app is malware: the more your app behaves like malware, the worse its malware rating will be. We quantify this rating by analyzing the application’s code capabilities and real-time behavior and comparing them against millions of data points from mobile applications, both malicious and safe. This generates a malware rating from 0 to 10. An application with a rating of 9 or 10 is classified as malicious and should be prevented by corporate policies from being installed.
Every enterprise differs in the level of risk it is willing to take on and in the types of application behaviors it considers risky. Our comprehensive policy engine lets administrators create custom policies based on fine-grained attributes, enabling the productivity benefits of BYOD without sacrificing security in the process.