Mobile applications are increasingly used for business purposes as companies adopt bring your own device (BYOD) and hybrid work policies. However, ensuring that employees are using these devices securely is quite the challenge. Mobile applications are available from both official and unofficial mobile app stores, all of which struggle to police themselves and remove malicious apps. Additionally, mobile devices commonly have vulnerabilities that could be exploited by these apps.
A Mobile App Reputation Service (MARS) is designed to help an organization manage the threat of suspicious and malicious apps to its employees and devices. MARS generates a report for each app on corporate devices outlining its potential privacy and security risks. This information is an essential component of an organization’s risk management and mobile application security strategies.
Mobile devices and applications are increasingly targeted by cyber threat actors. Common techniques involve the exploitation of vulnerabilities within mobile apps or the deployment of trojans and other mobile applications with malicious functionality.
MARS helps to protect against these attacks by providing information about the features and functionality of mobile applications. By analyzing the code, behavior, and reputation of an application, MARS can determine the risk that it poses to the organization and its employees. This risk score and a complete report of associated vulnerabilities can inform risk management, enabling an organization to determine if continued use of the app in question justifies the associated risks.
MARS is designed to provide a complete picture of the risks associated with a particular mobile app. To accomplish this, it needs to include certain features, such as:
By analyzing mobile applications with MARS before allowing them on corporate devices, an organization can reduce the risk of data breaches and other mobile security incidents. For example, a recent investigation by Check Point Research found that a variety of mobile apps collected and stored users’ personal data in cloud-based real-time databases that required no authentication.
These apps could have leaked sensitive information about their users as well as business data (via apps providing faxing services) on the cloud. MARS could have detected the insecure functionality that enabled these data leaks, allowing the organization to take action.
Check Point Harmony Mobile provides MARS to help ensure an organization’s mobile security. MARS analyzes privacy risks, security issues, and application origin (reputation) for mobile applications deployed on corporate devices. These three factors are then weighed and combined to provide an overall security score for the application. This security score quantifies the risk that a particular mobile app poses to personal and corporate data and can be used as part of a corporate risk management policy.
Harmony Mobile’s MARS allows apps to be submitted for analysis via manual uploads of the application file or via a link to the Android or iOS app stores. After analysis, the user receives the security score as well as a full analysis report detailing the privacy and security risks posed by the application and potential methods of remediation.
Mobile devices are increasingly targeted by cybercriminals due to their increased popularity in the wake of the recent move to remote work. To learn more about the evolving mobile threat landscape, check out Check Point’s 2021 Mobile Security Report.
Check Point’s Harmony Mobile provides comprehensive protection for mobile devices, including MARS and mobile threat defense (MTD) functionality. To learn more about Harmony Mobile’s capabilities, request a demo. You’re also welcome to try Harmony Mobile out for yourself with a free trial.