home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Mobile Endpoint Security

Use the Research Capability

Interact with Research App Details

When you submit an LQL query in the Research query area, any matching applications appear in the results area below the query entry area. After reviewing the query results, selecting any application listed in the query result area takes you to the application page containing summary and detailed information about the application. Descriptions of the data on each of the application research tabs follows here:

  • Summary: Displays summary information on the individual application. Summary item details are on other tabs, which the user can access directly by clicking the value of a summary object, displayed in blue. Example: Clicking the value for Sessions under Dynamic Analysis displays the Dynamic Analysis tab with the details for the Sessions value.

    Any value displayed in green on the summary or any detail tab, is a potential data query pivot point, explained in more detail in Research Query Pivots.

  • Behaviors: Displays information about the application’s observed behaviors and synthesized intelligence, including:
    • any threat detection information
    • the application’s capabilities and associated risk weighting
    • unusual asset characteristics
    • platform-specific security exceptions
    • all remote hosts (IP/FQDN) the application attempted to communicate with
    • a list of application’s files and the actions observed (read/write)
  • Dynamic Analysis: Displays information about the application’s activities observed during dynamic analysis, including:
    • the number of dynamic analysis sessions conducted on the application
    • file read/write operations
    • remote host communications (IP Flows)
    • DNS resolution requests
    • telephony activity

      Dynamic analysis is available only for Android applications. In addition, not all applications have a Dynamic Analysis tab initially as the Dynamic Analysis process might not have been completed by the time you view the application in the MES console.

  • Metadata: Displays information including:
    • the application signing certificate(s)
    • the operating system permissions/entitlements used by the application
    • the intents (actions) the application can take or request
    • application entry points which represent the ways in which the operating system/device or user interacts with the application
  • Package: Displays information including:
    • platform-specific application package metadata
    • the executables included in the application package
    • other assets included in the application package
    • executable and asset file hash values

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.