Application Policies

Malicious Applications

Applications that have both risky capabilities and have malicious intents are categorized as malicious applications by the Harmony Mobile Behavioral Risk Engine (BREClosed Behavioral Risk Engine). Their risk level is always set to High and you cannot configure it.

Risky Applications

Applications that have bad reputation or that may pose a security risk to the organization are considered to be risky applications.

To set the risk level for these applications:

  1. Go to Policy and select a policy profile.

  2. Click ApplicationRisky Applications and set the Risk Level for these classifications:

    Classification

    Description

    Risk Level

    Backup Tool

    Set the Risk Level if an application backs up sensitive information from the device.

    • Low (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Dangerous App

    Set the Risk Level if a legitimate application can compromise the device, change configuration, or provide unauthorized access to corporate resources.

    • High (Device Alert) (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Debug Certificate

    Set the Risk Level if an application is signed by a debug certificate.

    • No Risk (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Hacking Tool

    Set the Risk Level if an application compromises local network data, device data or application data (on either device or server).

    • Medium (No Device Alert) (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Location Tracking

    Set the Risk Level if an application allows remote access to the device location without the user's consent.

    • Low (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    App Not Available in Market

    Set the Risk Level if an application previously available in the app store is removed.

    • Low (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Network Redirection Tool

    Set the Risk Level if an application redirects network communication without the user's consent.

    • Low (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Non Official App Store App

    Set the Risk Level if an application is not verified by an official app store.

    • Medium (No Device Alert) (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Device Tracking Tool

    Set the Risk Level if an application allows remote access to the device location without the user's consent.

    • Medium (Dismissive Device Alert) (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Remote Access Tool

    Set the Risk Level if an application allows remote control of the device without the user's consent.

    • Low (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Rooting Tool

    Set the Risk Level if an application is identified as a rooting or jailbreak tool.

    • Low (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Rough Ad-Network

    Set the Risk Level if an application contains an ad-network and can leak sensitive data from the device and violates user privacy.

    • High (Device Alert) (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Suspicious App

    Set the Risk Level if an application has suspicious capabilities.

    • Medium (No Device Alert) (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Generative-AI

    Set the Risk Level if an application uses Artificial Intelligence (AI) services.

    • No Risk (Default)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

  3. To save the policy changes, click Save.

Block Application Traffic

You can block the traffic generated by or intended to a risky application based on the specified risk level. For example, if you specify the risk level as Medium, then the system blocks the traffic for all applications whose risk level is Medium or higher.

To block the application traffic, you must:

  1. Set On-device Network Protection to Always ON or Turn ON when device is at High risk.

  2. Set Network Protection Working Mode to Full Inspection.

    For more information, see Network Protection.

You can determine the risk level of an application from one of these:

To block the application traffic:

  1. Go to Policy and select a policy profile.

  2. Click ApplicationBlock Application Traffic.

  3. Select the Block Application traffic when application is in the following risk level checkbox.

  4. From the drop-down list, select the risk level.

Notes :

  • This option is supported only for Android devices where ONP is set to Full Inspection.

  • Only the application's traffic is blocked, not the application.

Application Categories

In this section, you can set risk level for the different application categories.

To add a new application category:

  1. Go to Policy and select a policy profile.

  2. Click ApplicationApplication Categories.

  3. In the table, click Add.

    A window appears.

  4. Set these parameters:

    Item

    Description

    Application Category

    Select the application category (Category obtained from Google Play (Android) and Play Store (iOS)).

    Risk Level

    Set the Risk Level:

    • No Risk (Default)

    • High (Device Alert)

    • Medium (Device Alert)

    • Medium (No Device Alert)

    • Medium (Dismissive Device Alert)

    • Low

    • No Risk

    Block Application Traffic on Android

    Select this checkbox to block application traffic on Android devices.

    The feature works only for Android devices that enable the On Device Network Protection feature.

  5. To delete a category, select it and click Delete.

  6. To save the policy changes, click Save.

Application Exceptions

You can override the application's analyzed risk level according to the application package or developer certificate on Android devices. By default, it inherits the settings from the Global policy.

To add an exception to an application:

  1. Go to Policy and select a policy profile.

  2. Click ApplicationApplication Exceptions.

  3. In the table, click Add.

    A window appears.

  4. Select one of these:

    • Package name:

      1. Enter the application Package name.

      2. To apply the exception only to a specific version, select the Apply only to specific version checkbox.

      3. In the Version field, enter the application package version number.

        Note - Version field appears only if you select Apply only to specific version checkbox.

      4. From the Risk Level drop-down list, select the risk level:

        • High – The system changes the application's risk level to High Risk. As a result, the actual application triggers on-device mitigation and a pop-up event. This app triggers an increase in the risk level of the device.

        • No risk – The system changes the application's risk level to No Risk. The application no longer triggers on-device mitigation or a pop-up event.

        • Ask for user approval – When the user installs an app, the user is prompted about the risk and can allow or disallow the application.

      5. Click Add.

    • Developer certificate (applies only to Android applications):

      1. In the Developer certificate field, enter the certificate ID.

      2. From the Risk Level drop-down list, select the risk level:

        • High

        • No risk

        • Ask for user approval

      3. Click Add.

  5. To save the policy changes, click Save.

If you do not know the applications details:

  1. Go to Forensics > Applications.

  2. Find the relevant application and click the Global Policy value.

    The Application Exceptions section appears with the chosen application details.

  3. Select the Risk Level and click Add.

  4. To save the policy changes, click Save.