Abstract: The disclosed computer-implemented method for preventing potential phishing attacks by translating double-byte character set domain name system records may include (i) extracting a domain extension from a double-byte character set (DBCS) domain name in a universal resource locator (URL) received by a computing device, (ii) identifying a locale code associated with a language utilized on the computing device, (iii) determining if the domain extension matches the locale code, (iv) translating the DBCS domain name to a corresponding single byte character set (SBCS) domain name system (DNS) record when the domain extension matches the locale code, and (v) performing a security action that protects against a potential phishing attack based on the translated DBCS domain name. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for securing authentication procedures includes (i) monitoring, by a third-party security application, to detect reception of a second factor authentication token as an input to complete a second factor authentication procedure in connection with a second application that is independent from the third-party security application, (ii) verifying, by the third-party security application, whether or not the second factor authentication token was transmitted by a valid server in coordination with the second application as part of an authentic version of the second factor authentication procedure, and (iii) performing a security action to protect a user account based on a result of verifying whether or not the second factor authentication token was transmitted by the valid server in coordination with the second application as part of the authentic version of the second factor authentication procedure.

Abstract: The disclosed computer-implemented method for improving application installation may include (i) receiving, in response to initiating an installation procedure for an application published by a security application publisher, a signed web token that is formatted according to an Internet standard that defines a structure of the signed web token such that a private section of a payload of the signed web token asserts at least one private claim, and (ii) applying the private claim to customize the installation procedure of the application according to a configuration of a technology partner that partners with the security application publisher. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Empirical data concerning user responses to permission requests by applications are collected over time. The collected empirical data is aggregated and analyzed to determine whether a requested permission pertains to core functionality and/or key feature(s) of an application. Based on the result of the data analysis, a directive is then generated for a subsequent request for the same permission, to provide advice to a user whether to approve or reject the permission request.

Abstract: The disclosed computer-implemented method for restoring applications may include (i) detecting an indication to restore a previous version of an application installed within a mobile operating system environment, (ii) retrieving the previous version of the application from a protected location within the mobile operating system environment where a sandboxing security component stored the previous version of the application, and (iii) executing the previous version of the application within a security sandbox managed by the sandboxing security component. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing persistent visual warnings for application launchers may include (i) loading an application launcher into a sandbox, (ii) monitoring one or more functions of an application from the application launcher, (iii) querying a malware detection manager using information obtained from monitoring the functions of the application to determine whether the application is potentially harmful, and (iv) modifying, based on determining that the application is potentially harmful, an icon for the application launched from the sandbox to notify a user that the application is potentially harmful. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Software activation using a picture-based activation key. In some embodiments, a method may include presenting, on a display of the network device, a request for a user to enter a picture-based activation key in order to activate a software application on the network device. The method may also include receiving, at the network device, the picture-based activation key that includes pictures. The method may also include confirming, at the network device, that the received picture-based activation key is a valid picture-based activation key for the software application. The method may further include, in response to confirming that the received picture-based activation key is a valid picture-based activation key for the software application, activating the software application on the network device.

Abstract: The disclosed computer-implemented method for executing application launchers may include (i) creating a security sandbox within an operating system environment, (ii) executing an original application launcher within the security sandbox, and (iii) registering the security sandbox as a new application launcher within the operating system environment such that the original application launcher is still available to a user through the security sandbox and the security sandbox supplements the original application launcher by providing a layer of protection for the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for controlling an application launch based on a security policy may include (1) loading an application launcher into a sandbox, (2) monitoring one or more functions associated with launching an application from the application launcher, (3) determining that the functions associated with launching the application have been invoked by the application launcher, (4) querying a policy manager comprising a security policy to determine whether the application is potentially harmful, and (5) performing, based on the security policy, a security action preventing the application launcher from launching the application from the sandbox upon determining that the application is potentially harmful. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for controlling an application launch based on a security policy may include (1) loading an application launcher into a sandbox, (2) monitoring one or more functions associated with launching an application from the application launcher, (3) determining that the functions associated with launching the application have been invoked by the application launcher, (4) querying a policy manager comprising a security policy to determine whether the application is potentially harmful, and (5) performing, based on the security policy, a security action preventing the application launcher from launching the application from the sandbox upon determining that the application is potentially harmful. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to scanning for security threats on a lightweight computing device. An example method generally includes receiving, from a mobile device, a software package including a lightweight computing device security application. A lightweight device transmits, to the mobile device, information identifying at least a first application installed on the lightweight computing device. In response, the lightweight device receives, from the mobile device, information identifying the first application as being a known security threat and remediates a security threat posed by the identified application.

Abstract: The disclosed computer-implemented method for detecting when users are uninstalling applications may include (1) monitoring, as part of an application installed on a computing device via an accessibility API provided by an operating system of the computing device, accessibility events that indicate state transitions in user interfaces of applications running on the computing device, (2) detecting, based on an analysis of at least one accessibility event, an attempt by a user to uninstall an application from the computing device, and (3) in response to detecting the attempt to uninstall the application, prompting the user to perform at least one action before allowing the application to be uninstalled. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for filtering interprocess communications may include (1) identifying a service process that provides a service on the computing device, (2) authenticating the service process, (3) identifying a request by a client process to use the service provided by the service process, (4) authenticating the client process, (5) receiving an interprocess communication from the client process directed toward the service process, (6) determining that the interprocess communication is malicious, and (7) in response to determining that the interprocess communication is malicious, blocking the interprocess communication from being communicated to the service process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for authorizing attempts to access shared libraries may include (1) detecting an attempt by a process to access a shared library, (2) identifying a call stack of the process, (3) inspecting the call stack to determine whether a method that initiated the attempt is authorized to access the shared library, and (4) causing the attempt to be allowed if the method is authorized to access the shared library or blocked if the method is not authorized to access the shared library. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for authenticating an application is described. In one embodiment, a software package is received and the software package may be authorized based at least in part on an evaluation of the software package. Upon authorizing the software package, a signature file is embedded in a directory of the software package. A request to use a privileged service provided by a service provider is received from a client. In some embodiments, the request includes a custom class loader, the custom class loader being configured to construct a proxy object as an interface to the privileged service.