App inventory
Before app classification or risk analysis, the mobile security console collects an inventory of apps from all devices with the app installed. App inventory acquisition varies by mobile platform and execution.
App discovery
To enable automatic app collection and analysis from Android devices, the collection of apps must be enabled in the policy. An MDM integration is required for iOS to gather apps for thorough threat analysis.
iOS - application discovery and scanning are handled through MDM integration. At each MDM synchronization interval, the mobile security console requests a list of applications for each iOS device and performs a scan on the application metadata to verify if there are any malicious apps.
Android - on-device scanning handles Android app discovery and scanning, using a local signature database and Mobile Security console to identify and classify files. When connected to a Wi-Fi network, users upload unanalyzed apps to the console.
Note
Unchecking Application Binaries in Policy Settings disables this.
Evaluating apps not yet detected
To evaluate apps that are not yet detected, you can upload apps to be scanned by performing these steps:
Go to the Apps page.
Click the Upload App button.
Now you can:
Upload an app file with an IPA or APK file extension directly to the mobile security console.
Provide an iTunes URL for retrieval.
Provide a Google Play Store URL for retrieval.
Note
If you provide a Google Play Store URL, the URL must be for the US market.
Extension Inventory
The Mobile Security Console gets an inventory of extensions from devices with the Security for Chrome product installed. Extension discovery and scanning are handled via on-device scanning, when an extension is downloaded and when it is installed.
Exporting the Apps and Extensions Lists
Apps and extensions are exported as a CSV file, which is sent via email to the requesting administrator.
App and Extension Analysis
Each app or extension is evaluated in the following ways:
Legitimate/Malicious - an app or extension is evaluated based on its reputation, author, and antivirus vendors. If it meets the recommended threshold, it is rated as Malicious.
Privacy Risk - an application or extension is rated based on its privacy risks, such as the ability to access calendars or microphones.
Security Risk - an application is rated on how securely it is coded, to identify unsafe aspects.
Mobile Security reports
Reports are generated for apps based on their privacy and security issues, but these ratings have no bearing on whether the app is malicious or legitimate. To view these reports, click the three horizontal dots to see the report options:
Executive PDF Report: A high-level overview of the privacy and security issues for the selected application, in PDF format.
Deep Threat Analysis Reports: Detailed reasons for the privacy and security issues listed in the Executive Report, in PDF format.
JSON Report: The raw data behind the reports in JSON format. Click on the desired report and ensure that it downloads.
Allow, Deny, and Out of Compliance Options
From the Apps page, administrators can designate an app or extension as out-of-compliance (OOC) within the user's enterprise. When non-compliant apps are detected, users are notified and instructed to uninstall them from their devices.
The app or extension can be marked as:
Allowed
Denied
Out of compliance
None or N/A
App or extension whitelisting by an administrator mitigates potential threats from specific developers or apps. Certain apps, including MDM-loaded apps, internal apps, sideloaded apps, and frequently used apps or extensions, can be designated as safe, and no threats will be generated for these.
When an administrator denies an app, a Suspicious iOS App or Suspicious Android App threat is generated for it, which is akin to labeling it as malware. When an administrator marks an app as out-of-compliance, the Out of Compliance App threat is generated.
Denying certain extensions by an administrator triggers the Suspicious Browser Extension threat for that extension, which is akin to classifying it as malware. Marking an extension as out-of-compliance by an administrator results in the generation of the Out of Compliance Browser Extension threat.
For additional details on the actions that can be taken for Suspicious iOS App, Suspicious Android App, and Suspicious Browser Extension threats, see the Threat policy page.