Search

EP-4414872-B1 - TECHNIQUES FOR DISPLAYING WARNINGS ABOUT POTENTIALLY PROBLEMATIC SOFTWARE APPLICATIONS

EP4414872B1EP 4414872 B1EP4414872 B1EP 4414872B1EP-4414872-B1

Inventors

  • JACOBSON, Garrett A.
  • UNDERWOOD, DANIEL C.
  • VAN LOON, Sunjin C.
  • MARTEL, PIERRE-OLIVIER J.

Dates

Publication Date
20260506
Application Date
20240308

Claims (14)

  1. A method for enabling computing devices (122, 600) to display warnings when software applications (104) are launched on the computing devices (122, 600), the method comprising, by a management entity (108): analyzing (502) a plurality of software application assets (106) to flag a subset of software application assets (106), SAAs; generating (504) a bloom filter based on the subset of SAAs; adding (506), to a data structure (112, 114, 124), a respective entry (115) for each SAA in the subset of SAAs; distributing (508) the bloom filter to at least one computing device of the computing devices (122, 600); receiving (510), from the at least one computing device, a request to indicate whether a particular SAA has in fact been flagged, wherein the request is generated by the at least one computing device in response to identifying, using the bloom filter distributed to the at least one computing device, that an SAA has potentially been flagged; determining (512), by referencing the data structure (112, 114, 124), that the particular SAA has in fact been flagged; providing (514), to the at least one computing device, a respective informational package that is based at least in part on the respective entry (115) for the particular SAA, wherein the informational package is configured to be incorporated into a file system attribute associated with the software application that is stored on the at least one computing device, wherein the respective informational package causes the at least one computing device to, in association with launching a software application (104) that utilizes the particular SAA on the at least one computing device, display a warning that is based at least in part on the respective informational package when the file system attribute is accessed as part of launching the software application.
  2. The method of claim 1, wherein generating the bloom filter based on the subset of SAAs comprises, for each SAA in the subset of SAAs: generating, using a plurality of hash functions (208), respective hash values (210) for the SAA; and configuring the bloom filter in accordance with the respective hash values (210).
  3. The method of claim 1, wherein, within the data structure (112, 114, 124), the respective entry (115) for each SAA in the subset of SAAs includes: (1) a respective hash value (116, 210) for the SAA; and (2) the respective informational package, wherein the respective informational package includes: first information about why the SAA was flagged, and second information about remedial options, if any, available for mitigating a cause of the SAA being flagged.
  4. The method of claim 3, wherein, for a given entry (115) within the data structure (112, 114, 124): the first information is obtained using crowdsourcing, analytics services, machine learning models trained to identify natures of SAAs, or some combination thereof; and the second information is obtained by determining whether an updated version of the software application (104) is available and does not utilize the particular SAA.
  5. The method of claim 1, wherein the plurality of SAAs comprises: code directories, source code files, executable files, configuration files, library files, database files, resource files, markup and stylesheet files, script files, configuration files, documentation files, log files, temporary files, binary data files, license files, version control files, or some combination thereof.
  6. The method of claim 2, further comprising: analyzing a plurality of supplemental SAAs to flag a supplemental subset of SAAs; generating a supplemental bloom filter based on the supplemental subset of SAAs; generating an update package for updating the bloom filter to reflect the supplemental bloom filter; adding, to the data structure (112, 114, 124), a respective entry (115) for each supplemental SAA in the supplemental subset of SAAs; and distributing the update package to the at least one computing device to cause the at least one computing device to update the bloom filter to reflect the supplemental bloom filter.
  7. The method of claim 1, wherein the request and the respective informational package are transmitted using a secure communication channel that is formed between the management entity (108) and the at least one computing device using a private relay protocol.
  8. A system (100) comprising a management entity (108) and computing devices (122, 600), the management entity configured to enable the computing devices (122, 600) to display warnings when software applications (104) are launched on the computing devices (122, 600), the management entity (108) comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the management entity (108) to carry out steps that include: analyzing (502) a plurality of software application assets (106) to flag a subset of software application assets (106), SAAs; generating (504) a bloom filter based on the subset of SAAs; adding (506), to a data structure (112, 114, 124), a respective entry (115) for each SAA in the subset of SAAs; distributing (508) the bloom filter to at least one computing device of the computing devices (122, 600); receiving (510), from the at least one computing device, a request to indicate whether a particular SAA has in fact been flagged, wherein the request is generated by the at least one computing device in response to identifying, using the bloom filter distributed to the at least one computing device, that an SAA has potentially been flagged; determining (512), by referencing the data structure (112, 114, 124), that the particular SAA has in fact been flagged; providing (514), to the at least one computing device, a respective informational package that is based at least in part on the respective entry (115) for the particular SAA, wherein the informational package is configured to be incorporated into a file system attribute associated with the software application that is stored on the at least one computing device, wherein the respective informational package causes the at least one computing device to, in association with launching a software application (104) that utilizes the particular SAA on the at least one computing device, display a warning that is based at least in part on the respective informational package when the file system attribute is accessed as part of launching the software application.
  9. The system (100) of claim 8, wherein generating the bloom filter based on the subset of SAAs comprises, for each SAA in the subset of SAAs: generating, using a plurality of hash functions (208), respective hash values (210) for the SAA; and configuring the bloom filter in accordance with the respective hash values (210).
  10. The system (100) of claim 8, wherein, within the data structure (112, 114, 124), the respective entry (115) for each SAA in the subset of SAAs includes: (1) a respective hash value (116, 210) for the SAA; and (2) the respective informational package, wherein the respective informational package includes: first information about why the SAA was flagged, and second information about remedial options, if any, available for mitigating the cause of the SAA being flagged.
  11. The system (100) of claim 10, wherein, for a given entry (115) within the data structure (112, 114, 124): the first information is obtained using crowdsourcing, analytics services, machine learning models trained to identify natures of SAAs, or some combination thereof; and the second information is obtained by determining whether an updated version of the software application (104) is available and does not utilize the particular SAA.
  12. The system (100) of claim 8, wherein the plurality of SAAs comprises: code directories, source code files, executable files, configuration files, library files, database files, resource files, markup and stylesheet files, script files, configuration files, documentation files, log files, temporary files, binary data files, license files, version control files, or some combination thereof.
  13. The system (100) of claim 9, wherein the steps further include: analyzing a plurality of supplemental SAAs to flag a supplemental subset of SAAs; generating a supplemental bloom filter based on the supplemental subset of SAAs; generating an update package for updating the bloom filter to reflect the supplemental bloom filter; adding, to the data structure (112, 114, 124), a respective entry (115) for each supplemental SAA in the supplemental subset of SAAs; and distributing the update package to the at least one computing device to cause the at least one computing device to update the bloom filter to reflect the supplemental bloom filter.
  14. The system (100) of claim 8, wherein the request and the respective informational package are transmitted using a secure communication channel that is formed between the management entity (108) and the at least one computing device using a private relay protocol.

Description

FIELD The described embodiments set forth techniques for displaying warnings about potentially problematic software applications. In particular, the techniques involve enabling computing devices to efficiently identify when problematic software applications are being utilized thereon, and to display associated warning and remedial information. BACKGROUND Recent years have shown a proliferation of software applications designed to operate on computing devices such as desktops, laptops, tablets, mobile phones, and wearable devices. The increase is primarily attributable to computing devices running operating systems that enable third-party applications to be developed for and installed on the computing devices (alongside various "native" applications that typically ship with the operating systems). This approach provides innumerable benefits, not least of which includes enabling the vast number of worldwide developers to exercise their creativity by using powerful application programming interfaces (APIs) that are available through the aforementioned operating systems. Different approaches can be utilized to enable users to install third-party software applications on their computing devices. For example, one approach involves an environment that is, for the most part, unrestricted in that developers are able to write software applications capable of accessing virtually every corner of the operating systems / computing devices onto which they will ultimately be installed. Under this approach, users typically also are able to freely download and install the software applications from any developer and/or distributor. In one light, this approach provides developers and users a considerably high level of flexibility in that they are able to participate in an operating environment that is largely uninhibited. At the same time, this approach is rife with security drawbacks in that faulty, malicious, etc., software applications are pervasive and commonly installed by unassuming users. To mitigate the foregoing deficiencies, an alternative approach involves implementing an environment that is more restricted in comparison to the foregoing unrestricted environments. In particular, a restricted environment typically involves a software application store that is implemented by an entity that (typically) is also linked to the operating systems and/or computing devices onto which the software applications ultimately will be installed. Under this approach, developers are required to register with the software application store as a first line of vetting. In turn, the developers submit proposed software applications to the software application store for an analysis as to whether the software applications conform to various operating requirements, which constitutes a second line of vetting. Ultimately, when a software application is approved for distribution through the software application store, users are permitted to download the software application onto their computing devices. Accordingly, this approach affords the benefit of considerable security enhancements in comparison to the aforementioned unrestricted environments. Regardless of which approach, environment, etc., is utilized, malicious developers continue to design software applications that attempt to circumvent existing security measures in order to exploit end users. Moreover, negligent, inexperienced, etc., developers continue to design software applications that can lead to the exploitation of end users. Accordingly, there exists a need for notifying users when they are about to launch potentially problematic software applications on their devices. CN 115 827 702 A relates to a Bloom filter-based software white list query method. SUMMARY The invention is defined by the appended independent claims. The dependent claims define advantageous embodiments. This Application sets forth techniques for displaying warnings about potentially problematic software applications. In particular, the techniques involve enabling computing devices to identify when problematic software applications are being utilized thereon, and to display associated warning and remedial information. One embodiment sets forth a method for displaying warnings when potentially problematic software applications are launched on computing devices. According to some embodiments, the method can be implemented by a computing device, and includes the steps of (1) maintaining a probabilistic data structure that is based on a plurality of software application assets that have been flagged as problematic, (2) receiving a first request to install a software application that is comprised of at least one software application asset, (3) installing the software application, (4) identifying, using the probabilistic data structure, that the at least one software application asset has potentially been flagged as problematic, (5) identifying, by interfacing with a management entity, that the at least one software