Abstract: The disclosed computer-implemented method for detecting suspicious applications based on how entry-point functions are triggered may include (1) identifying an application that is capable of accessing a data-access Application Programming Interface (API) programmed to provide access to sensitive information located on a computing system and/or a data-transfer API programmed to send information outside of the computing system, (2) identifying an entry-point function of the application whose execution results in a call to the data-access API and/or the data-transfer API, (3) determining how the entry-point function is triggered, (4) determining whether the application is suspicious based on how the entry-point function is triggered, and (5) performing a security action based on whether the application is suspicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for identifying malicious downloadable applications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying malicious downloadable applications comprising receiving a signature of a downloadable application, identifying, using at least one computer processor, a known good application having at least one attribute in common with the downloadable application and having a signature different from the signature of the downloadable application, analyzing the downloadable application to evaluate one or more risk factors based at least in part on the at least one common attribute and the difference in signatures, and determining, based on the evaluated one or more risk factors, one or more responsive actions.

Abstract: A computer-implemented method may include facilitating registration for a service capable of determining whether strangers who come in contact with one another share one or more characteristics in common. The computer-implemented method may also include obtaining, as part of the registration for the service, permission for the service to access at least a portion of one or more social-networking accounts associated with each of the strangers. The computer-implemented method may further include determining, subsequent to the registration for the service, that the strangers registered for the service have come in contact with one another and then providing the service to the strangers in response to this determination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for determining whether transmission of sensitive data is expected may include (1) identifying a computer program that is to be analyzed to determine whether the computer program unexpectedly transmits sensitive data, (2) simulating user input to the computer program while the computer program is executing, (3) identifying a context of the simulated user input, (4) identifying transmission of sensitive data that occurs after the user input is simulated, (5) determining, based on the context of the simulated user input, whether the transmission of sensitive data would be an expected result of the user input, and (6) performing a security action with respect to the computer program based on whether the transmission of sensitive data is expected. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for detecting unintentional information disclosure. The method may include: 1) identifying at least one data access Application Programming Interface (API) programmed to provide access to sensitive information located on a computing device, 2) monitoring attempts to use the data access API, 3) while monitoring attempts to use the data access API, detecting an attempt by an application to access the sensitive information through the data access API, 4) in response to detecting the attempt to access the sensitive information, tracking the sensitive information accessed by the application, 5) detecting an attempt to leak the sensitive information outside of the computing device, and 6) in response to detecting the attempt to leak the sensitive information outside of the computing device, performing a security action.