RiskRanker targets third-party Android app market security

Unlike Google Bouncer, which scans only the Play Store, NQ Mobile's new tool is adaptable for any online market for Android apps

NQ Mobile is taking the fight against Android malware to online markets where malicious apps are often disguised as legitimate products or secretly inserted in games.

Rather than attack the problem using traditional antivirus techniques, NQ has introduced a technology that Android app markets could use to continuously scan for malware.

The new product, RiskRanker is similar to Google Bouncer, an automated system that looks for known spyware and Trojan horses and also searches for behavior that would indicate malware. 

RiskRanker does the same, but is adaptable for use in any Android market. Bouncer works only with the Google Play Store.

The NQ Mobile product analyzes the code within apps to look for instructions that would indicate malicious intent, such as searching for and exploiting vulnerabilities within Android to gain root access in the smartphone.

"To the best of my knowledge, RiskRanker is one of the first in this space to identify new threats without using malware samples," Xuxian Jiang, a consultant for NQ Mobile who helped to lead the development team, said. Jiang is a full-time associate professor at North Carolina State University.

Hackers have exploited the limitations of traditional antivirus technology for years. The software uses signatures taken from samples in known malware in order to identify malicious apps. To get around this strategy, cybercriminals constantly rewrite malware, so that antivirus products can't recognize it. 

NQ Mobile claims that in recent trials, RiskRanker scanned more than 100,000 apps from a variety of marketplaces and identified 718 instances of malware, including 322 that were previously unknown.

The new product will be sold to Android markets. In addition, NQ Mobile plans to partner with mobile application management vendors to include RiskRanker as a feature in their software consoles, Kim Titus, senior director of communications, said.  

While there were no RiskRanker partnerships to announce, 3LM, a wholly owned subsidiary of Motorola Mobility, plans to integrate NQ's anti-malware technology for smartphones into 3LM's product for managing mobile devices and applications, Titus said. [Editor's note: Clarified from earlier version of this article.]

NQ Mobile provides a free version of antivirus software for Android smartphones, as well as a premium version. The company also sells cloud-based malware detection called Enterprise Shield, which was introduced in June.

Pricing and general availability of RiskRanker were not disclosed. "NQ Mobile is currently exploring global opportunities," a spokesman said.

Copyright © 2012 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.