Appthority Portal Helps Assess Mobile Risk - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:48 PM
Connect Directly

Appthority Portal Helps Assess Mobile Risk

Appthority Portal gives customers greater granularity in determining and responding to mobile risk factors.

Appthority sprung to life early last year at RSA with its mobile app screening and risk assessment product for the enterprise, and has been racking up partnerships within the enterprise mobility ecosystem ever since, including a recent alliance with Mobile Iron, one of the market leaders in mobile device management. Today the company announced the Appthority Portal, which lets customers see mobile app risk data directly, understand more precisely the factors that influence particular risk scores (or Appthority Trust Score), and customize those scores on a per-company, or even per-department, basis.

The outcome: IT can write mobile policies at an increasingly fine-grained level, based on application behavior.

When introducing Appthority initially, CEO Anthony Bettini said the company's approach was more about "bring your own software" rather than "bring your own device," arguing that it wasn't necessarily the device that created risk, but the applications and the resources and information they could access once the device was connected to a corporate network. Appthority co-founder and president Domingo Guerra says the company's database now contains 1.2 million unique applications. Until now, those were all iOS and Android apps, but the company just launched support for BlackBerry 10 apps, and has plans for Windows Phone apps later this year.

Appthority's screening technology is hosted on Amazon Web Services. Partners have accessed app "scores" and underlying behavioral data via APIs -- these Appthority partners include development shops like Appcelerator, enterprise application stores like Apperian and Happtique, and MDM companies like MobileIron, Fixmo, Boxtone and Marble Security. The MDM technologies use Appthority data as the basis to write the policies that get enforced upon end users. The partners can upload apps to Appthority's cloud, or they can query the system based on the meta data of the app, and the reports generated get fed directly to that partner.

With the new Appthority Portal, the end-user customer can see the data directly, including very detailed app behavior explanations to help them make better policy decisions. Corporate developers can also upload their apps directly now, Guerra says. The scanning takes only a couple of minutes.

The data Appthority discovers in its screening process runs the gamut from detecting malware, to understanding its origin (for example, that the software was developed in the Ukraine or in China, or even the reputation of the developer), to uncovering what the app has access to (like a contact database or the user's location), and more. Guerra says that Appthority disassembles the binary file and performs both static and dynamic analysis, running the file through more than 3,000 rules based on the API calls that the OS manufacturers make available. This includes Android apps ported to BlackBerry 10 -- Guerra says that Appthority's technology understands not only what each mobile OS allows, but also what the application is trying to do, meaning any extra calls the application makes outside of the standard APIs.

Understanding application behavior lets an organization do things like block the use of DropBox based on the location of a user, for instance, but also block other apps that might make direct use of DropBox as well. Portal users will access data via a single screen that breaks down apps by OS and by app category, with those apps ranked by risk. Diving into the apps provides not only a risk score, but details on key behaviors, like whether the app tracks user location by sending map coordinates unencrypted. End user shops can write policies based specifically on that sort of fine-grained understanding of app behavior.

Guerra says that Appthority is seeing more than one million queries per day for app analysis, from 137 institutions, including customers and partners, and across a variety of vertical industries. The solution is available in seven languages. The portal has been in private beta, and is available this month. The list pricing: $2.50 per user per month, plus $2.50 per user per month for having scores exposed in the Mobile Iron console, but if you buy both Appthority and Mobile Iron together (via either company's channel partners), the total cost is $4 per user per month. Guerra says there are discounts based on volume usage.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll