Mobile Security: Phishing API (beta)

Beta

This API is currently in beta. This means that Data Theorem may make API-breaking changes to it, or it may not look exactly like the final version of the API.

Authentication

As with most of Data Theorem’s APIs, you must create an API Key, and that API Key must be granted access to the Mobile Phishing API. Please review API Conventions – Authentication and Authorization for more information on setting up the API Key.

In order to authenticate your request, you must provide the API Key within the Authorization header, with a “type” of APIKey. For example, if your API Key’s value is 1234567890abcdefgh=, then the Authorization header should look like the following:

Authorization: APIKey 1234567890abcdefgh=

With curl, it may look like:

$ curl -X GET -H "Authorization: APIKey 1234567890abcdefgh=" https://api.securetheorem.com/apis/mobile_security/clone/v1beta1/discovered_apps

Listing all discovered phishing applications

$ curl -X GET -H "Authorization: APIKey 1234567890abcdefgh=" https://api.securetheorem.com/apis/mobile_security/clone/v1beta1/discovered_apps

The main fields returned by the API are:

canonical_id: The id of the discovered phishing application
platform: The type of application:
  - ANDROID
  - IOS
store: Information about the store that contains the application
date_seen_first: The first time the app was discovered
date_seen_last: The last time our scanner discovered the application
triaging_decision: The decision that has been taken for the application, if any:
  - ACCEPT_RISK
  - TAKE_DOWN
infringement_level: The level of infringement of the application:
  - CLONE
  - BRAND_MISUSE
cloned_legitimate_app: If the application is a clone of one of your legitimate applications, this field includes details about that application
events: History of our scanner's discoveries
  Each event has a type field that can be:
  - APP_DISCOVERED
  - APP_TAKE_DOWN_INITIATED
  - APP_REMOVED
  - APP_TRIAGING_DECISION_MADE
  - COMMENT_ADDED
  - COMMENT_DELETED
  - APP_REAPPEARED

The results can be filtered by any of these fields:

filter_by_discovered_application_keyword:
  - A list of discovered application keywords separated by commas
  - Any application having at least one of those keywords will be returned
  - example: music, electronic, player
filter_by_infringement_level:
  - CLONE
  - BRAND_MISUSE
filter_by_triaging_decision:
  - ACCEPT_RISK
  - TAKE_DOWN
  - NO_DECISION_MADE
filter_by_discovered_app_status:
  - ONLINE
  - APP_REMOVED

The results can be ordered by any of these values:

- DATE_SEEN_FIRST_ASC
- DATE_SEEN_FIRST_DESC
- DISCOVERED_APPLICATION_NAME_ASC
- DISCOVERED_APPLICATION_NAME_DESC
- DISCOVERED_APP_STATUS_ENUM_ASC
- DISCOVERED_APP_STATUS_ENUM_DESC
- INFRINGEMENT_LEVEL_ENUM_ASC
- INFRINGEMENT_LEVEL_ENUM_DESC

By default, the API returns only the first 50 results. You can change the number of results returned by setting the query parameter:

  • page_size (min: 1, max: 500)

When you call the API to list all the applications, the following fields are also returned:

- pagination_information:
  - total_count: The total number of discovered applications
  - next_cursor: The pagination cursor to add to the next query to receive the next batch of discovered applications

Example of a paginated call:

$ curl -X GET -H "Authorization: APIKey 1234567890abcdefgh=" "https://api.securetheorem.com/apis/mobile_security/clone/v1beta1/discovered_apps?page_size=100&cursor=AB123="
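
The filters and cursor pagination described above, combined in an added Python example (not Data Theorem's own code) that collects every online clone with no triaging decision. It assumes the filters are sent as query parameters, that the list of apps is returned under a discovered_apps key, that a missing or empty next_cursor marks the last page, and that the API Key is stored in a DT_API_KEY environment variable; none of these are stated on this page.

```python
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "https://api.securetheorem.com/apis/mobile_security/clone/v1beta1/discovered_apps"
ITEMS_KEY = "discovered_apps"  # assumption: the page does not name the list field

def build_url(page_size=100, cursor=None, **filters):
    """Build the query URL; values are percent-encoded (cursors may end in '=')."""
    if not 1 <= page_size <= 500:
        raise ValueError("page_size must be between 1 and 500")
    params = {"page_size": page_size, **filters}
    if cursor:
        params["cursor"] = cursor
    return BASE_URL + "?" + urllib.parse.urlencode(params)

def http_fetch(url):
    """Fetch one page; the key is read from the environment, not the command line."""
    api_key = os.environ["DT_API_KEY"]  # assumption: variable name chosen for this example
    req = urllib.request.Request(url, headers={"Authorization": f"APIKey {api_key}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_discovered_apps(fetch=http_fetch, page_size=100, **filters):
    """Yield every app across pages by following pagination_information.next_cursor."""
    cursor, seen = None, set()
    while True:
        page = fetch(build_url(page_size, cursor, **filters))
        yield from page.get(ITEMS_KEY, [])
        cursor = (page.get("pagination_information") or {}).get("next_cursor")
        if not cursor:      # assumption: absent or empty cursor marks the last page
            return
        if cursor in seen:  # stop if the server hands back a cursor already used
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)

def untriaged_online_clones(fetch=http_fetch):
    """Clones that are still online and have no triaging decision yet."""
    return list(iter_discovered_apps(
        fetch,
        page_size=500,
        filter_by_infringement_level="CLONE",
        filter_by_triaging_decision="NO_DECISION_MADE",
        filter_by_discovered_app_status="ONLINE",
    ))
```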

Listing all legitimate onboarded applications

$ curl -X GET -H "Authorization: APIKey 1234567890abcdefgh=" https://api.securetheorem.com/apis/mobile_security/clone/v1beta1/legitimate_apps

The main fields returned by the API are:

platform: The type of application:
  - ANDROID
  - IOS
store: Information about the store that contains the application
bundle_id: The bundle_id of the application
url: Link to the application

By default, the API returns only the first 50 results; pagination works exactly as it does for the discovered_apps endpoint.

Available Resources