Lookout’s Default Security policy refers to the Risk Level that has been assigned to a threat classification. The Risk Level can be changed by the admin to better suit their company. Below we will go over the classifications for Low, Moderate and High Risk Levels.
Low Risk Level
Adware - Adware contains code from an advertising network to collect personal information or engage in intrusive presentations of advertising without providing proper notification. This functionality can include adding shortcuts to the desktop or displaying ads in the notification tray.
Chargeware - Chargeware will charge a device's wireless bill for services without providing adequate information about the charges or giving users an opportunity to accept the charges.
Click Fraud - Click fraud applications use devices to defraud pay-per-click or pay-per-download advertising, which may result in data overage charges on a device's wireless bill.
Riskware - Riskware includes code, libraries, or network services that pose a risk to devices due to known vulnerabilities in the code or the low reputation of service providers used by the code. This type of application is not known to be malicious, but may subject devices to more risk than a typical application.
Sideloaded App (Only for iOS) - The application was installed on the device through a source other than the Apple App Store and it is not signed by an Enterprise Provisioning Profile approved by your organization. This app has circumvented the App Store approval process and may possibly be harmful. It may also be an app under development or being tested by this user. If you believe this app does not pose a risk to your organization, you may allow it to be sideloaded.
Toll Fraud - Toll fraud applications send premium SMS or make calls to premium rate numbers that charge a device's wireless bill, often with little or no indication to the device user.
Virus - A class of test applications (such as the EICAR test file) designed to test the efficacy of anti-malware detection.
Moderate Risk Level
App Dropper - App droppers download applications to devices without user consent. They may suggest that the user install the downloaded application and the downloaded application itself may be malicious.
Data Leak - Data leaking applications send information about users and/or their devices to a third party without user knowledge or consent. Forwarded information may include contacts, calls, SMS messages, current or previous location data, and browsing history. The information may or may not be used for malicious purposes.
Root Enabler - Root Enablers give users access to privileged functionality on their devices and are commonly used in phone modification communities to enable full access and control over the device.
Root / Jailbreak - The device has been rooted or jailbroken by the device user. Users that root or jailbreak their devices typically do so to access restricted content or device functionality.
Spam - Spam applications send SMS or make calls from devices to enable spam campaigns, which may result in fraudulent charges on a device's wireless bill.
Spyware - Spyware applications harvest information from a large number of devices. They hide on devices and forward information about device activities to a third party. Information forwarded may include contacts, calls, SMS messages, current or previous locations, and browsing history. Users may install this software themselves, so they may not want to remove it.
High Risk Level
Backdoor - Backdoors leave a file or program on a device that will allow other programs to access protected areas of the device's operating system.
Bot - Bots place significant device functionality under the remote control of a third party. This functionality may include accessing the network, sending SMS, making phone calls, or downloading applications.
Exploit - Exploits utilize a flaw in software or a component of a device's operating system, usually to gain root privileges on a device and perform privileged actions on the device, including potentially malicious actions.
Man-in-the-Middle Attack - A Man-in-the-Middle Attack occurs when a malicious actor inserts itself between the mobile device and the network or service that the user is trying to access. This makes it possible to intercept and modify data communications that the user believes to be private.
Surveillanceware - Surveillance applications are generally commercial software designed to monitor a specific, targeted device. They hide on devices and record or forward information about user activities to the installer of the software. Forwarded information may include contacts, call history, SMS messages, current or previous locations and browsing history.
Trojan - Trojans perform actions other than those advertised in order to perform malicious actions such as fraudulently charging a device's wireless bill or stealing information from devices.
Worm - Worms exploit a software flaw to remotely attack devices. They will attempt to replicate themselves from device to device, and may also steal information from devices and cause unpredictable behavior.