The automatic import of app lists to be analyzed by Appicaptor is now available for AirWatch Mobile Device Management System customers. Besides AirWatch, Appicaptor supports MobileIron and Sophos Mobile Control.
This new integration automatically returns the Appicaptor analysis results to your AirWatch MDM using black- and whitelists. This simplifies the process for app approval processes and enables full automation of the app review process.
With the help of the comprehensive AirWatch settings, the automatically generated black- or whitelists can then be assigned to all employees or individual user/device groups. All administrators can use actions provided by AirWatch to enforce corporate policies.
A Chinese advertising software development kit (SDK) called Igexin is back in the news that has the capability of spying on victims through otherwise benign apps by downloading malicious plugins.
Symantec has reported similar issues with this SDK already early 2015. Although they stated one of the features as “Download and execute external components in the host application”, they only classified it with a low risk impact.
Anyway, Appicaptor ever since has blacklisted all analyzed apps containing this SDK, based on its generic standard policy.
Analyses of our database have shown that the Google Play Store still contains apps utilizing this SDK with the functionality for remote code execution. Therefore, Appicaptor now also individually recognizes and blacklists the Igexin SDK, based on the intrusive design and the complete loss of trust.
Appicaptor has been enhanced with a new app model, which is named Security App. Security apps are supposed to improve or evaluate the overall security of a smartphone. For this monitoring of operating system and apps, security apps need to have critical permissions. These permissions require a very high security quality level to prevent attackers from exploiting the permissions through implementation flaws. Therefore Appicaptor rates flaws in these apps stronger than in other app models.
On the other hand, in case of no other flaws, the required permissions are not rated negativly by Appicaptor because they are required for this type of app.
Examples of security apps are:
- Virus Scanners
- App Lockers
- Lockscreen Apps
- Permission Examination Apps
- Find My Phone Apps
- Secret Folder Apps
In addition to the numerous report formats available in the download area, the results of an app analysis can also be printed using the browser.
The presentation for the app test detail pages has been improved so that e.g. all result lists are always unfolded and that only elements which hold relevant information for printing are shown.
Top App List can be Integrated
All customers with Appicaptor SmartWeb or Appicaptor Corporate subscriptions can retrieve additional access to the results of the current Top2000 app list for iOS and Android. The results are directly available for a reduced additional fee. Contact the Appicaptor support for a Top App subscription. The Top App results can be individually evaluated or combined with the results of the ordered app tests.
Extension in Appicaptor Web Interface
Within the overview page of the test results, all entries can now be sorted by all columns. By clicking on the column name, the respective column is used for sorting (or the sorting sequence is reversed). This makes it easy to sort all result lists by app type, number of risks, or violation of blacklist rules.
Among other things, the vulnerability patterns for communication protection were expanded. In addition, the security quality of iOS Apps is now evaluated by using the “App Transport Security” configuration. A deviation from the secure default setting, for example to enable unencrypted HTTP connections, is now included in the automatic risk assessment. In addition, the configuration details are listed in the report.
We show the risks of poor security quality for apps as al demonstration live on the it-sa from 18th to 20th October 2016 in Nuremberg (in Hall 12 at booth 430). We will show the example of a trustworthy TV-program app for iOS. When using the app in public WiFi, attackers can misuse the included Cordova calendar plugin to read or delete any appointments on the iPhone, which can result on any modification or deletion of the appointments on all synchronized devices.
Analysis Enhancement for Web Apps
In order to protect Cordova apps, the access of the app should be restricted to trustworthy domains in the Cordova whitelist. Appicaptor therefore shows the defined whitelist and evaluates it. Unfortunately the default whitelist configuration is not secure and an adjustment is often forgotten during deployment.
Furthermore, the automated assessment of Cordova plugins for attacks via unprotected HTTP connections was extended. There is a considerable risk for user data in many popular apps based on Cordova, which is already taken into account in all Appicaptor policy rule sets. Adaptation of the individual rule sets is therefore not necessary. In general, users of Cordova apps should better disable the permissions. Permissions like calendar and address book access should be deactivated, because they usually have only a small (sometimes even unknown) benefit (reminder functions), but the risk of unauthorized access is quite high.
Advanced Export Function
Appicaptor now supports the new app list import format of Sophos Mobile Control. Appicaptor can create white- and blacklists in this format for each Appicaptor policy set at each Appicaptor run. The lists can then be imported directly into Sophos Mobile Control. Interested customers can activate the Sophos import format for their Appicaptor subscription by contacting the Appicaptor Support.