This article provides information about the "App reputation" feature which is used in Sophos Mobile Security.
Applies to the following Sophos product(s) and version(s)
Sophos Mobile Security
Sophos Mobile Security (SMSec) - App reputation
App Reputation uses Sophos Live Protection to provide more information about the apps which should be installed. A warning is presented for apps that have low reputation, providing users with the option to make an informed decision to authorize or uninstall the app. The result of the users decision are sent back to Sophos Labs to improve the quality of the reputation data.
How does the App Reputation work for the user?
When the App Reputation feature is turned on, Sophos Mobile Security incorporates the low-reputation category in all scans. In addition, Sophos Mobile Security checks every application on start and provides feedback to the user if a low-reputation app is detected.
For applications that have a low-reputation, are malware or that are Potentially Unwanted Applications (if PUA detection is turned on) SMSec will inform the user with a notification when starting the application.
Furthermore, the user has the possibility to prevent the start of the app, start it only for a certain period of time (i.e. until the next unlock of the device) or to permanently put this app on the allowed apps list.
This allowed apps list can be displayed in the SMSec settings. Allowed applications can be manually removed from this list.
Applications with high reputation can be always be started without any interaction with SMSec.
How can the App Reputation feature be turned on / off?
To turn the App Reputation feature on/off, the user can do this by going into the SMSec settings and enabling/disabling the feature within the "Live Protection" section.
On which information is the categorization based on?
The reputation of an app is determined by the apps prevalence across the Sophos Mobile Security customer base as provided by Live Protection telemetry data, SophosLabs detection data and feedback data based on user actions.
Such user-driven feedback is collated and processed continuously to improve the quality of the reputation data.