• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Consumer   »   A Mobile App Scanner is Not Just Another App

A Mobile App Scanner is Not Just Another App

  • Posted on:March 7, 2019
  • Posted in:Consumer
  • Posted by:
    Trend Micro
0

Mobile applications assist us mightily with our daily tasks. They increase our productivity with anywhere, anytime, high-functioning tools, and they help us communicate and share information with family members, friends, and co-workers. Every day, the rapidly evolving app market brings us more apps to cater to our needs. Sound good? Well, it is! But sometimes, there’s a big gotcha.

 

 

Are mobile apps secure?

Although Apple’s App Store for iOS performs a pretty rigorous app vetting process to verify compliance with Apple’s requirements, you can’t automatically assume that Android apps are equally as safe, largely because the app vetting process for Google Play is considerably looser, while for third-party Android app stores it’s looser still or nonexistent. Some mobile apps are compiled to perform suspicious functions, as with malware apps that have the capability to copy real-time data from the user’s device and transmit it to the cybercriminal’s servers. Malware apps are programs that execute in parallel to the processes running in the background of the mobile OS, and they can stay alive and may remain undetectable to the average user during normal use of the device.

Unfortunately, malicious Android mobile apps and mobile malware threats continue to proliferate, especially if there’s a compromise or attack against an app store itself, when the opportunity to turn legitimate apps into bad, rogue versions, as with fake banking apps, is at its highest. But it doesn’t stop there. Another form of malicious functionality includes injection of fake websites into the victim’s mobile browser in order to collect sensitive information, acting as a starting point for attacks on other devices the user owns. This type of behavior supports phishing attacks, or is a consequence of it. And because mobile apps are usually more precise than desktop apps with providing continuous device location information, personal health metrics, and pictures and audio about you, you can be far more exposed through mobile apps than you might expect.

Mobile apps can also sense and store information, including your personally-identifiable information (PII), in a variety of ways, a situation made dangerous through excessive granting of privileges and privacy rights given away right at the beginning, when you install the apps. You may have overlooked the fact that the app is requesting access to the camera or the microphone, or the app may be collecting and storing sensitive information that’s not consistent with its user license agreement or its description of purpose. You might have a security risk on your device because the app may be scanning or accessing files that are not part of its own directory—an indicator of malicious activity. And though many apps are advertised as being free to consumers, the hidden cost of these apps may be the selling of your “user profile” to marketing companies or online advertising agencies.

Finally, apps may also contain software vulnerabilities, right in the code, which are susceptible to attack. Such vulnerabilities may also be exploited by an attacker to gain unauthorized access to personal data and sensitive information.

Protect yourself from mobile app threats

Your best defense against malicious apps and their nefarious cousins is to install a mobile security app with a strong app scanner onto your device. Trend Micro Mobile Security for Android, for example, can provide a level of confidence that the applications you install on your mobile device are free from potential threats, privacy violations, and vulnerabilities. Its Security Scan taps into a service in the cloud, powered by Trend Micro Mobile App Reputation Service (MARS), that employs machine-learning technology to check the latest information and reputation of both well-known and unknown apps associated with any risks. MARS is paired with the local scanner on the device—which uses a combination of static analysis, (which examines the apps’ source code and binary code) and dynamic analysis (which operates by executing a program using a set of input use cases to analyze the programs’ runtime behaviors)—to examine the apps you wish to download, or those already on your device, for any threats.

That’s right: Trend Micro Mobile Security’s scan uses advanced inspection and classification technologies that are capable of scanning apps even before they’re downloaded and installed from Google Play. The pre-installation scan detects malicious and potentially unwanted apps and warns you against their installation right from the Google Play store. Apps that are already installed may be also manually scanned on-demand for threats, and if Trend Micro Security discovers anything suspicious, it gives you the option to uninstall the app. This means side-loaded apps (which are installed when an app’s APK is downloaded from either a USB device or a link from a forum or website) can be checked by Trend Micro Mobile Security for threats and malicious behavior—again using the MARS database in partnership with the local signature and the behavior analysis functions. Once found to be malicious, the side-loaded app can be uninstalled.

Trend Micro Mobile Security’s proven track record

In short, Trend Micro Mobile Security provides total app protection for your mobile devices, helps uncover potential threats, and provides much-needed software assurance when you install Android applications. It monitors how applications interact with your data and ensures that the apps you install are secure. Its app scanning capability is one key reason among others that Trend Micro Mobile Security consistently gets top scores for malware detection and usability from independent labs such as AV-TEST.

Trend Micro Mobile Security for Android, with its industry-leading Mobile App Reputation Service and Security Scan, is your best defense against malicious, fake, and infected apps.

For more information or to buy Trend Micro Mobile Security, both for Android and iOS, go to Trend Micro Mobile Security Solutions.

Related posts:

  1. Defend Yourself Now and in the Future Against Mobile Malware
  2. Trend Micro Mobile Security Protecting You From Prying Eyes
  3. Scan QR Codes Safely with the Trend Micro QR Scanner
  4. Using Trend Micro Security’s Privacy Scanner – Part 1: Social Network Privacy

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.