Malware prevention: App reputation

Integration with Appthority provides app reputation data for apps detected on managed devices. This information helps you protect your organization from malware.

This section includes the following sub-sections:

• Enabling app reputation
• Confirming configuration of the app reputation service
• Viewing app reputation data

Enabling app reputation

Before using an app reputation service:

• Find out whether or not the service supports the MobileIron APIs and can be used with MobileIron Core
• Get a URL for their service
• Determine the service’s rating range (for example, 0 to 50)
• Determine what the low and high numbers in the service’s rating range indicate (do low numbers indicate a high or low threat?)

Procedure 

1. Consider configuring debug mode for MIFS logs (in System Manager).
   Debug logs will capture successful configuration. Otherwise, you will have no indication if you mistype the license key for the reputation service.
2. Go to Settings > Additional Products.
3. Click App Reputation.
4. Select the Enable App Reputation option.
5. Use the following guidelines to complete the displayed fields:

 

Item	Description
Reputation Service URL	Enter the URL your app reputation service provided.
Authentication Type	Select Basic or Token Authentication.
Name/Password	Sepcify a username and password when you select Basic Authentication.
Authentication Key	Provide an authentication key when you select Token Authentication.
Rating Range Low Value	Enter the low number of the service’s range.
Rating Range High Value	Enter the high number of the service’s range.
Rating Scale	Click Low to indicate that apps with ratings lower than the Rating Threshold have the highest threat level (for example, if the range is 0 to 100, and the Rating Threshold is 60, apps with a rating of 60 or below have a high threat rating) Click High to indicate that apps with ratings higher than the Rating Threshold have the highest threat level (for example, if the range is 0 to 100, and the Rating Threshold is 65, apps with a rating of 65 or more have a high threat rating)
Rating Threshold	Specify the rating you select as the limit for determining whether an app has a high or low threat rating. It is used in combination with Rating Scale to determine the app threat risk.
Check Interval	Select an interval for contacting the reputation service to retrieve updated reputation data: • Daily: Update occurs at midnight each day. • Weekly: Update occurs at midnight between Saturday and Sunday. • Monthly: Update occurs at midnight before the first of the month. The reputation data is stored on MobileIron Core. NOTE: The day of the week and time of the update are not configurable.

6. Click Save.

An initial sync begins shortly after initial configuration. Thereafter, the Check Interval setting determines when Core contacts the reputation service.

Confirming configuration of the app reputation service

You can use the following keywords to check the logs for successful configuration of the reputation service:

appReputationEnabled=true

Enabling Appthority-Sync-Job with schedule: 0 30 22 * * ?

appReputationServiceOption=Appthority

appRatingThreshold

appReputationIntervalOption

Rescheduling Appthority-Sync-Job with schedule

AppthoritySyncJob.execute

Done with sync job

scores.length

Viewing app reputation data

The Apps > Installed Apps page displays the information about apps detected on managed devices. Select Detail View to see the app rating and app score columns. Those columns appear if you have enabled app reputation in Settings > Additional Products > App Reputation.

The values that may appear in the App Rating field are listed in the table below.

Table 1. App Reputation Ratings

Rating	Description
Not Rated	With a score of 0 indicates that MobileIron Core has not processed the app yet. With a blank score indicates that the app is not currently in the designated service’s database. The app might be new or the service might provide app data only for specific operating systems.
OK	Indicates that the app’s score exceeds the threshold specified in the App Reputation settings.
Risky	Indicates that the app’s score does not exceed the threshold specified in the App Reputation settings.