Mobile App Research
In this section, you can access and search RiskIQ's collection of tens of millions of mobile apps collected across all stores.
These apps are gathered by searching hundreds of app store websites for specified keywords of interest. When interesting results are found in an app store website, RiskIQ clicks on each result, parses out the specific information in the web page, and downloads the file automatically if the store provides it. This adds new entries to the database and can generate alerts for RiskIQ mobile threats users. The database also includes all "feral" mobile app files found across RiskIQ crawls outside of dedicated app stores.
These apps are monitored and updated periodically to confirm whether or not the posting is still active, and to check for updated details and new versions.
Click on Research in the top navigation menu, and select Mobile App.
Mobile App Details
Click on the title of any app in the list to view its details.
If mobile inventory is enabled, you can also claim an app as official (published by or on behalf of your organization) by using the 'Add to Inventory' button.
If Rogue Mobile App events are enabled, you can also add this app to your events using the 'Create event' button.
Filtering and Searching Mobile App Entries
You can filter apps using the quick filters on the left, by expanding any filter type and selecting or de-selecting choices.
For complex queries, click on the currently applied filter at the top left to edit it (by default, this filter will be "Status = Active" when you load the screen).
This will open the query builder dialog, where you can use drop-down lists of filter/operator choices and create AND and OR clauses to build your query.
You can alternatively type your query directly into the query bar if you know the filter syntax you would like to use.
Mobile App Filters
Below is a list of the filters you can use to search apps from RiskIQ.
The unique ID of the app in the official store / on your device (ex. for Android apps, this is the package name; for iOS, it's the Apple ID)
The MD5 hash of the binary file
The title of the app as listed in the app store posting
The description of the app as listed in the app store posting
The category of the app as listed in the app store posting
The name of the app store in which the app is posted
Search for keywords in any available comments left by users on the app (Google Play only)
Search for apps with a particular permission
Search by version number of the app
Search for apps that contain certain URLs within the app file (Android only)
Search for apps that contain a particular file name (Android only)
Search for apps that contain a specific string or keyword within the contents of their files (Android only)
(If applicable) the total blacklist score for this app (determined by the number of vendors who flagged it / number of observed blacklisted resources)
AV Vendor and Description
Search for a keyword in either the names of AV vendors in VirusTotal who came up with results for this binary or the results they provided
Search for a keyword/specific AV vendor's name to find apps where that vendor had results for the binary
Search for a keyword in the results provided by any AV vendor for a binary (ex. the name of a malware family)
The date the app was first seen by RiskIQ
Whether the app is active (the posting is still available online) or not
The name of the developer as listed in the app store posting
The email contact listed for the developer in the store posting (official stores only)
The website listed for the developer in the store posting (official stores only)
| Filter | Description |
|---|---|
| Binary Available | Whether or not this app has a binary file associated with the posting |
| Platform | The operating system for which the app was written (ex. Android, iOS, Windows, Blackberry, etc.) |
| Available Countries | Which version of the store this app is listed in (Apple iTunes only; only Apple and Google have multiple versions of the store for different countries, and all other stores are available to visitors in any country) |
Adding Apps to the Database
If you have the proper permissions and find that something is missing, you can add apps to the database using the button at the top right of the screen.
You can either enter a URL from an app store that RiskIQ covers but that RiskIQ has not seen as a result for any keyword search, or upload an APK file directly as a feral app.