Best Practice for Suspicious Android Apps


Article ID: 157488


Mobile Security


A suspicious app has been found on enterprise Android devices that are protected by Symantec Mobile Security 7.2. The app appears to perform different actions or have different functionality than it claims, and it is feared that the app is malicious. How should an administrator respond?


Submit the suspicious file

Symantec's submission process for mobile threats (for instance, a suspicious .apk Android app installer file) is exactly the same as it is for threats that target Windows computers.  Symantec Security Response will examine the file and, if necessary, release signatures over LiveUpdate against any verified new threats.  

Details on how to submit files can be found in the documents linked below.  


Create a policy against the app 

Until official Symantec signatures are available against a threat, it is recommended that the administrator add an entry for the suspicious app to the App Control policy that is in effect. Android devices running Symantec Mobile Security (SMS) 7.2 that detect this app during scans or during an attempted installation will raise a warning prompt asking for the app to be uninstalled.

Details on App Control policy can be found in the article linked below.