UPDATE (6/3/2013): For a demo of Appthority in action, watch this video from MacIT World from February 2013.
Last week I had a chance to sit down with Domingo Guerra, one of the founders of Appthority. Appthority provides an app reputation service—useful not only for tracking viruses and malware, but also for learning about all aspects of an app’s behavior.
Appthority launched at the end of February this year at the RSA conference, and they recently got round-A funding after spending 2011 bootstrapping. A few weeks ago, they released an interesting report on the 50 most popular iOS and Android apps. It can be found here (and a nice tweetable infographic here), but the gist of it is that nearly all of the apps on the list took some sort of action that can access sensitive data.
What exactly is app reputation? Beyond static code analysis, Appthority collects hundreds of metrics on each app it tests. The app is run in an emulator to check its actual behavior, and they examine the external URLs the app associates with, the reputation of the creator, the reputation of other apps from the creator, reviews in app stores and online, the behavior of ad networks used in the apps, and even simple things like misspelled words in the text. One unexpected example was a company that asked Appthority to indicate which apps had terms of service that varied from the default Apple App Store terms.
Appthority doesn’t quite go out and buy every single app right when it comes out—though Domingo told me that the bill would come to something around $757,000 for the Apple App Store if they did—instead they test the apps on demand, creating an ever-expanding database of app reputation data. They do have to buy a lot of apps for their testing, of course, but freely available pirated versions of the apps can be tested as well.
Why we need Appthority
We know that among all the apps out there, some of them are truly malicious, seeking to take advantage of vulnerabilities in Android and iOS. The real threat, however, is applications that function entirely within the acceptable parameters of the Apple App Store or Google Play yet have functions that may lead to leaked corporate data. This type of “malware” is in the eye of the beholder.
For example, which of the following actions would be acceptable for apps used by employees in your organization: location tracking? Keylogging? Asking for all sorts of extra permissions that have nothing to do with the functionality of the app? Sharing contacts? Sending emails or texts from the device? Unencrypted communication? These can all be sensitive issues, especially if employees are allowed to use built-in email, calendar, and contacts, which are accessible by any other app on a device. Assuming that administrators are managing apps on users’ devices, the knowledge that Appthority provides becomes invaluable. Trying to curate a blacklist without all this information would be nearly impossible.
MDM is only one of many use cases for Appthority, though. Appthority operates as a completely neutral service, providing information to partners through APIs. The list of partners has been growing steadily since their launch, with promises of even more announcements in the near future.