This disclosure relates generally to a system and method for providing a “ranking” for software applications. More particularly, but not by way of limitation, this disclosure relates to systems and methods to determine a ranking score for a software application by combining a reputation (if available) of the software author (or authoring corporation) with a code analysis to determine code similarity to known good or bad software applications. Potential software downloaders may then use the determined ranking (e.g., augmented reputation) to determine if the software application should be considered “untrustworthy” or given an implicit higher level of trust.
Internet exchange of information is commonplace today. One method of exchanging information is by retrieving an application from an Internet download source (referred to herein as a software application store). A user retrieving an application would like to be confident that the software application is reliable and does not contain malicious content. When a new application is posted to a software application store, it is difficult to assign it a software ranking (e.g., level of trust) because little is known about the new application. A standard way of providing a ranking of a software application is to receive feedback from people that have downloaded and utilized the application. However, if the software application contains malicious code, the first downloaders will likely suffer the ill effects before they can prevent others from downloading the same application. Obviously, it will take some number of initial users to provide negative feedback and thus create a negative software reputation.
Another method of rating software utilizes the “reputation” of sellers of the application (i.e., the person or vendor posting the application to the software application store). Reputation is generally used as a method to label trustworthy sellers, which could provide good results only when there is enough historical information about the seller. Reputation of a seller can be generated using many different techniques that alter a reputation up (i.e., better reputation) when a seller receives good feedback and alter the reputation down (i.e., worse reputation) when a seller receives negative feedback. However, a new user (or new software vendor) that has no historical information will by default be assigned a neutral reputation, and a software application published by them will not necessarily appear “trustworthy.”
To address these and other problems users encounter with downloadable content, systems and methods are disclosed to utilize a Reputation Service (“RS”), which can provide a score for application sellers, in conjunction with code similarity analysis to determine an aggregate score for individual applications. Given this score, other users and user devices can receive an indication of an “untrustworthy” application prior to downloading the application (i.e., a software application ranking). Actions that devices can take based on these types of indications, and other improvements for ranking software applications using reputation and code similarity analysis, are described in the Detailed Description section below.