What is a Mobile App Reputation Service (MARS)?

Mobile applications are increasingly used for business purposes as companies adopt bring your own device (BYOD) and hybrid work policies. However, ensuring that employees are using these devices securely is quite the challenge. Mobile applications are available from both official and unofficial mobile app stores, all of which struggle to police themselves and remove malicious apps. Additionally, mobile devices commonly have vulnerabilities that could be exploited by these apps.

A Mobile App Reputation Service (MARS) is designed to help an organization manage the threat of suspicious and malicious apps to its employees and devices. MARS generates a report for each app on corporate devices outlining its potential privacy and security risks. This information is an essential component of an organization’s risk management and mobile application security strategies.


How MARS Keeps Your Device Safe and Secure

Mobile devices and applications are increasingly targeted by cyber threat actors. Common techniques involve the exploitation of vulnerabilities within mobile apps or the deployment of trojans and other mobile applications with malicious functionality.

 

MARS helps to protect against these attacks by providing information about the features and functionality of mobile applications. By analyzing the code, behavior, and reputation of an application, MARS can determine the risk that it poses to the organization and its employees. This risk score and a complete report of associated vulnerabilities can inform risk management, enabling an organization to determine if continued use of the app in question justifies the associated risks.

Features of Mobile App Reputation Service (MARS)

MARS is designed to provide a complete picture of the risks associated with a particular mobile app. To accomplish this, it needs to include certain features, such as:

 

  • Mobile Application Vulnerability Scanning: Exploitation of mobile application vulnerabilities can enable an attacker to gain access to a mobile device or access and leak sensitive information. MARS will perform static and dynamic analysis of mobile applications to identify potentially exploitable vulnerabilities and list these vulnerabilities and potential remediation steps in its report.
  • Reputation Analysis: Mobile app stores are designed to allow anyone to create and sell mobile applications, so mobile apps can have vastly different levels of security and may be malicious. MARS performs reputation analysis to determine whether a mobile app is likely to have been created by a legitimate developer.
  • Personal Data Leakage Detection: Mobile applications commonly take actions that can cause a leak of users’ personal data, such as accessing SMS messages or contact lists. Some of these activities are legitimate and necessary, while others are evidence of suspicious or malicious activity. MARS should identify access to sensitive data and determine whether or not these activities are potentially suspicious or part of the core function of the mobile app.
  • Suspicious Behavior Detection: At runtime, mobile applications may take suspicious and potentially malicious actions, such as communicating with an unknown or known-bad server. MARS will monitor the execution of a mobile application and take action if these types of activities are detected.
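The personal data leakage check described above can be sketched as a comparison between the sensitive permissions an Android app requests and the data its core function plausibly needs. This is an added example, not Check Point's implementation: the category-to-data mapping, the function name `review_permissions` and the sample manifest are assumptions constructed for illustration, while the permission names are real Android permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to the personal data they expose.
SENSITIVE = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call_log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Assumption: data each app category plausibly needs for its core function.
EXPECTED = {
    "messaging": {"sms", "contacts", "microphone"},
    "navigation": {"location"},
    "flashlight": set(),
}

def review_permissions(manifest_xml, category):
    """Split sensitive data access into expected vs. suspicious for a category."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
    }
    allowed = EXPECTED.get(category, set())  # unknown category: nothing expected
    report = {"expected": [], "suspicious": []}
    for perm in sorted(requested & SENSITIVE.keys()):
        bucket = "expected" if SENSITIVE[perm] in allowed else "suspicious"
        report[bucket].append(perm)
    return report

# Constructed sample manifest (decoded text form), not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(review_permissions(SAMPLE_MANIFEST, "flashlight"))
    print(review_permissions(SAMPLE_MANIFEST, "messaging"))
```

The same manifest yields different findings depending on the declared category, which is the distinction the bullet draws between legitimate and suspicious access to personal data.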

 

By analyzing mobile applications with MARS before allowing them on corporate devices, an organization can reduce the risk of data breaches and other mobile security incidents. For example, a recent investigation by Check Point Research found that a variety of mobile apps collected and stored users’ personal data in cloud-based real-time databases that required no authentication. These apps could have leaked sensitive information about their users as well as business data (via apps providing faxing services) on the cloud. MARS could have detected the insecure functionality that enabled these data leaks, allowing the organization to take action.

Mobile Application Security with Check Point Harmony Mobile

Check Point Harmony Mobile provides MARS to help ensure an organization’s mobile security. MARS analyzes privacy risks, security issues, and application origin (reputation) for mobile applications deployed on corporate devices. These three factors are then weighed and combined to provide an overall security score for the application. This security score quantifies the risk that a particular mobile app poses to personal and corporate data and can be used as part of a corporate risk management policy.

 

Harmony Mobile’s MARS allows apps to be submitted for analysis via manual uploads of the application file or via a link to the Android or iOS app stores. After analysis, the user receives the security score as well as a full analysis report detailing the privacy and security risks posed by the application and potential methods of remediation.

 

Mobile devices are increasingly targeted by cybercriminals due to their increased popularity in the wake of the recent move to remote work. To learn more about the evolving mobile threat landscape, check out Check Point’s 2021 Mobile Security Report.

 

Check Point’s Harmony Mobile provides comprehensive protection for mobile devices, including MARS and mobile threat defense (MTD) functionality. To learn more about Harmony Mobile’s capabilities, request a demo. You’re also welcome to try Harmony Mobile out for yourself with a free trial.
