Mobile App

Mobile App Research

In this section, you can access and search RiskIQ's collection of tens of millions of mobile apps collected across all stores.

These apps are gathered by searching through hundreds of app store websites for specified keywords of interest. When interesting results are found on an app store website, RiskIQ clicks on each result, parses the specific information out of the web page, and automatically downloads the file if the store provides it. This adds new entries to the database and can generate alerts for RiskIQ mobile threats users. The database also includes all "feral" mobile app files found across RiskIQ crawls outside of dedicated app stores.

These apps are monitored and updated periodically to confirm whether or not the posting is still active, and to check for updated details and new versions. 

Getting There

Click on Research in the top navigation menu, and select Mobile App.

Mobile App Details

Click on the title of any app in the list to view its details.

If mobile inventory is enabled, you can also claim an app as official (published by or on behalf of your organization) by using the 'Add to Inventory' button.

If Rogue Mobile App events are enabled, you can also add this app to your events using the 'Create event' button.

Filtering and Searching Mobile App Entries

You can filter apps using the quick filters on the left, by expanding any filter type and selecting or de-selecting choices. 

For complex queries, click on the currently applied filter at the top left to edit it (by default, this filter will be "Status = Active" when you load the screen). 

This will open the query builder dialog, where you can use drop-down lists of filter/operator choices and create AND and OR clauses to build your query.

You can alternatively type your query directly into the query bar if you know the filter syntax you would like to use. 

Mobile App Filters

Below is a list of the filters you can use to search apps from RiskIQ.  

Official ID

The unique ID of the app in the official store / on your device (ex. for Android apps, this is the package name; for iOS, it's the Apple ID)

MD5

The MD5 hash of the binary file

Title

The title of the app as listed in the app store posting

Description

The description of the app as listed in the app store posting

Category

The category of the app as listed in the app store posting

Store

The name of the app store in which the app is posted

Comments

Search for keywords in any available comments left by users on the app (Google Play only)

Permissions

Search for apps with a particular permission

Version

Search by version number of the app

URLs

Search for apps that contain certain URLs within the app file (Android only)

File Names

Search for apps that contain a particular file name (Android only)

Text Files

Search for apps that contain a specific string or keyword within the contents of their files (Android only)

Blacklist Score

(If applicable) the total blacklist score for this app (determined by the number of vendors who flagged it / number of observed blacklisted resources)

AV Vendor and Description

Search for a keyword in either the names of AV vendors in VirusTotal who came up with results for this binary or the results they provided

AV Vendor

Search for a keyword/specific AV vendor's name to find apps where that vendor had results for the binary

AV Description

Search for a keyword in the results provided by any AV vendor for a binary (ex. the name of a malware family) 

Date

The date the app was first seen by RiskIQ

Status

Whether the app is active (the posting is still available online) or not

Developer

The name of the developer as listed in the app store posting

Contact Email

The email contact listed for the developer in the store posting (official stores only)

Contact URL

The website listed for the developer in the store posting (official stores only)

Binary Available

Whether or not this app has a binary file associated to the posting

Platform

The operating system for which the app was written (ex. Android, iOS, Windows, Blackberry, etc.)

Available Countries

Which version of the store this app is listed in (Apple iTunes only; only Apple and Google have multiple versions of the store for different countries, all other stores are available to visitors in any country)

Adding Apps to the Database

If you have the proper permissions and you find that something is missing, you can also add apps to the database using the button at the top right of the screen.

You can either enter a URL from an app store that RiskIQ covers, where RiskIQ has not seen that URL as a result for any keyword search, or upload an APK file directly as a feral app.