This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2023-03-17 12:19 PM
Jump to solution

Blocking specific app on harmony mobile portal

Hey guys,

Not sure if someone may know easy (or even not easy way as long as it works lol) way to block an app on harmony mobile portal, so ios users cant get it from app store. Customer said they tried it on their MDM (which is intune), but it could not be done. My colleague and I found a way to do it for android users, but since they are mostly iphone shop, that wont do any good.

We discovered that for android, all you do is find an app via google play site and add anything AFTER = sign and that accepts it as package in the portal that you can block.

So as per below link:

https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically

Package name would simply be com.zhiliaopp.musically

This is for tik tok, but can be applied to any app, same method. Now, how in the world do you do this for application on app store? We tried similar method and no matter what we do, no luck.

Any help or pointers are always appreciated 🙌

 

Screenshot_1.png

0 Kudos
3 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-03-17 05:48 PM
Jump to solution

Go to apple.com and search for the app you're looking for.
Example: TikTok, which has the URL of: https://apps.apple.com/us/app/tiktok/id835599320
Feed the ID number from the URL into the following command: curl https://itunes.apple.com/lookup?id=835599320 | jq '.results[] | .bundleId'

This returns: "com.zhiliaoapp.musically"

I believe that's the Bundle Name you can use on Harmony Mobile 🙂

View solution in original post

(1)
Yuval_Sered
Employee
Employee
‎2023-03-18 03:32 PM
In response to the_rock
Jump to solution

Few things to explain here:

1. Both the App store and Google play are imbedded within the device OS so HM cannot interfere and block an application from being installed 

2. This is something that might be done by the MDM if you tag an app as forbidden but it depends on the MDM capabilities. since the MDM doesn't control the Android Private side, it controls only the Work side, you cannot block a user from installing the app on the private side

3. What HM can do in the policy is tag an app as allowed/not-allowed (black/white listing) that means that after installing the app HM will alert as high risk and  request the user to uninstall it. This can be accomplished on the package name level (bundle_ID) or on  a specific version of the package name (the UI Expects a package name of the app not the SHA256/SHA1)

Yuval

View solution in original post

(1)
michell
Employee
Employee
‎2023-03-20 08:54 AM
In response to the_rock
Jump to solution

Hi Andy

  1. By setting the risk level of the Tik Tok app to high, end-user will get the notification as in the attachment (Screenshot...). This notification clearly indicates that the user should remove this app from their mobile device and why. From there, uninstallation is one-click ahead. Security admin are also reported the devices on which Tik Tok is installed in their Harmony Mobile management console under Events & Alerts (see attached screenshot).

  2. By enabling the option to block the risky application traffic, on Android and assuming ONP is enabled in your policy, you can also quarantine the Tik Tok mobile app in a one-click configuration (see attached) - With this configuration, no traffic is able to reach the Tik Tok app and the Tik Tok app is not able to access any external (C&C?) servers on the Internet.

  3. Now, taking it the next level, if you want to block any access from the mobile fleet to Tik Tok servers (whether from the mobile app or from a mobile browser), you can also define a network filtering rule under your Policy/Network/Blocked Locations. By importing the attached list of Tik Tok resources (domain names and IPs) - tiktok-Domains&Ips-short.csv, you will be able to ensure that no mobile device protected by Harmony Mobile is able to access the Tik Tok servers. Any attempt to access one of those domain names or IPs will trigger a local notification on the mobile device for the end-user and an event will be reported to the security admin in the admin console.

 

We plan to release a detailed SK article with all those policy options explained in the next few days,

 

Michel

View solution in original post

Preview file
193 KB
Preview file
1 KB
Preview file
147 KB
Preview file
171 KB
Preview file
297 KB
(1)
19 Replies
the_rock
Legend
Legend
‎2023-03-17 12:34 PM
Jump to solution

Harmony mobile admin guide should contain this info, rather than customers having to "comb" for this themselves...anywhoo : - )

I found out how to do this, no clue if it will work, will ask customer to test.

Say for tik tok, you get the link by googling the app:

https://apps.apple.com/ca/app/tiktok/id835599320

Then, examine the cert and look for fingerprint and add whats there and block it:

Screenshot_2.png

This is what it shows then in portal once added:

 

Screenshot_3.png

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-17 05:48 PM
Jump to solution

Go to apple.com and search for the app you're looking for.
Example: TikTok, which has the URL of: https://apps.apple.com/us/app/tiktok/id835599320
Feed the ID number from the URL into the following command: curl https://itunes.apple.com/lookup?id=835599320 | jq '.results[] | .bundleId'

This returns: "com.zhiliaoapp.musically"

I believe that's the Bundle Name you can use on Harmony Mobile 🙂

(1)
the_rock
Legend
Legend
‎2023-03-17 07:00 PM
In response to PhoneBoy
Jump to solution

Thanks! So based on all my screenshots, is it fair to say names would be same for both android and apple or it really depends on the app? Cause TAC case we have open for this, guy emailed saying its not even possible to block the app, which IM not so sure its accurate.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-18 03:54 AM
In response to the_rock
Jump to solution

In this case, it’s the same.
That may not be the case for other apps.

(1)
the_rock
Legend
Legend
‎2023-03-18 06:03 AM
In response to PhoneBoy
Jump to solution

Thanks, you are the best, in case no one said that before :). By the way, I cant say 100% that will work, but let customer confirm next week. I ran what you sent (just with curl_cli -k command) and 2nd one returned for snapchat and I was able to add it (just a test).


[Expert@quantum-firewall:0]# curl_cli -k https://itunes.apple.com/lookup?id=835599320 | jq '.results[] | .bundleId'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9733 100 9733 0 0 28710 0 --:--:-- --:--:-- --:--:-- 46347
"com.zhiliaoapp.musically"
[Expert@quantum-firewall:0]# curl_cli -k https://itunes.apple.com/lookup?id=447188370 | jq '.results[] | .bundleId'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9169 100 9169 0 0 60322 0 --:--:-- --:--:-- --:--:-- 81866
"com.toyopagroup.picaboo"
[Expert@quantum-firewall:0]# ^C
[Expert@quantum-firewall:0]#

One more question Dameon...is below enough to block users from downloading the app or is something else needed?

Andy

 

Screenshot_1.png

0 Kudos
Yuval_Sered
Employee
Employee
‎2023-03-18 03:32 PM
In response to the_rock
Jump to solution

Few things to explain here:

1. Both the App store and Google play are imbedded within the device OS so HM cannot interfere and block an application from being installed 

2. This is something that might be done by the MDM if you tag an app as forbidden but it depends on the MDM capabilities. since the MDM doesn't control the Android Private side, it controls only the Work side, you cannot block a user from installing the app on the private side

3. What HM can do in the policy is tag an app as allowed/not-allowed (black/white listing) that means that after installing the app HM will alert as high risk and  request the user to uninstall it. This can be accomplished on the package name level (bundle_ID) or on  a specific version of the package name (the UI Expects a package name of the app not the SHA256/SHA1)

Yuval

(1)
the_rock
Legend
Legend
‎2023-03-18 04:34 PM
In response to Yuval_Sered
Jump to solution

Thanks @Yuval_Sered , appreciated. So to confirm, even with the changes I showed, HM can NOT block user from installing any given app, correct?

Andy

0 Kudos
michell
Employee
Employee
‎2023-03-20 08:54 AM
In response to the_rock
Jump to solution

Hi Andy

  1. By setting the risk level of the Tik Tok app to high, end-user will get the notification as in the attachment (Screenshot...). This notification clearly indicates that the user should remove this app from their mobile device and why. From there, uninstallation is one-click ahead. Security admin are also reported the devices on which Tik Tok is installed in their Harmony Mobile management console under Events & Alerts (see attached screenshot).

  2. By enabling the option to block the risky application traffic, on Android and assuming ONP is enabled in your policy, you can also quarantine the Tik Tok mobile app in a one-click configuration (see attached) - With this configuration, no traffic is able to reach the Tik Tok app and the Tik Tok app is not able to access any external (C&C?) servers on the Internet.

  3. Now, taking it the next level, if you want to block any access from the mobile fleet to Tik Tok servers (whether from the mobile app or from a mobile browser), you can also define a network filtering rule under your Policy/Network/Blocked Locations. By importing the attached list of Tik Tok resources (domain names and IPs) - tiktok-Domains&Ips-short.csv, you will be able to ensure that no mobile device protected by Harmony Mobile is able to access the Tik Tok servers. Any attempt to access one of those domain names or IPs will trigger a local notification on the mobile device for the end-user and an event will be reported to the security admin in the admin console.

 

We plan to release a detailed SK article with all those policy options explained in the next few days,

 

Michel

Preview file
193 KB
Preview file
1 KB
Preview file
147 KB
Preview file
171 KB
Preview file
297 KB
(1)
the_rock
Legend
Legend
‎2023-03-20 09:10 AM
In response to michell
Jump to solution

Thanks @michell , thats fantastic info. So just to clarify once again, does doing ALL the things you mentioned prevent iphone users from downloading the risky app from app store OR it would still let them get the app but would block any subsequent traffic ettmpt to those servers?

Cheers,

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-03-20 09:18 AM
In response to michell
Jump to solution

Reason I asked my last question is below, as it appears it ONLY applies to folks who use Android phones, NOT iphones

 

Screenshot_1.png

0 Kudos
michell
Employee
Employee
‎2023-03-20 09:34 AM
In response to the_rock
Jump to solution

Hi Andy

  1. As mentioned by Yuval, Harmony Mobile cannot control the installation and/or removal of mobile apps (unless coupled with a UEM). This is more under the UEM scope of responsibility (mobile management).

  2. Focusing on iOS, options 1 and 3 will make the job while option 2 only applies to Android -
    1. With 1.,
      1. End-user is notified he/she should remove the app and
      2. Tenant admin is reported that Tik Tok is installed on the device

    2. With 3.,
      1. The end-user is neither able to access the Tik Tok servers from the mobile app nor from any mobile browser - Blocking is also notified by a notification
      2. The tenant admin is reported access attempts to the blocked domain names and/or IPs in the console
          

I hope it clarifies and helps!

Michel

(1)
the_rock
Legend
Legend
‎2023-03-20 09:42 AM
In response to michell
Jump to solution

Thanks again guys, Im super grateful for your help

@PhoneBoy @michell and @Yuval_Sered 

Appreciate you 🙌🙌🙌

I will ask couple of guys from customer's end to test, as they are 2 people mostly involved in doing changes in the portal, so lets see what they say.

Cheers!

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-20 09:39 AM
In response to the_rock
Jump to solution

I suspect there are some differences between what Android and iOS offers in terms of filtering capabilities at the network level.
DNS names related to blocked applications can definitely be modified on iOS so the app doesn't try and connect to the real IPs.
Which I imagine would be enough in most cases to keep the app from "phoning home."
However, it's not foolproof.

(1)
michell
Employee
Employee
‎2023-03-20 11:39 AM
In response to PhoneBoy
Jump to solution

Hi,

I just ran some quick tests on my iPhone, after some fine-tuning in the list of domain names to block, it worked like a charm!

For iOS devices, you might need to add the following domain names:
- *.tiktokcdn.com
- *.tiktokcdn-us.com
- *.tiktokv.com

Attached the consolidated file to import in the policy/Network/Blocked Locations to cover Android and iOS devices.

I hope it helps

Preview file
25 KB
Preview file
38 KB
Preview file
33 KB
Preview file
1 KB
Preview file
224 KB
(1)
the_rock
Legend
Legend
‎2023-03-20 11:49 AM
In response to michell
Jump to solution

THANKS SO MUCH @michell . Im VERY grateful for your help on this, it means a lot 🙌🙌🙌. I learned few things from your guys' responses, so thats always a plus.

I gave client some options, so lets see if they can test and report back. I dont think its a "show stopper" if app can be installed, as long as it shows high risk on the portal and traffic is blocked, I believe thats most important.

Namaste 💪💪👍👍

0 Kudos
VenkateshM
Employee Alumnus
Employee Alumnus
‎2023-03-31 12:55 AM
In response to michell
Jump to solution

Also please see the related sk article Blocking an Application in Harmony Mobile - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

the_rock
Legend
Legend
‎2023-03-31 05:34 AM
In response to VenkateshM
Jump to solution

@VenkateshM ...I think it would be beneficial to also add process @PhoneBoy gave how to do this for apple IOS, since most apps would have different name depending if its google play store or app store. It just so happened that tik tok app had same name.

Andy

0 Kudos
VenkateshM
Employee Alumnus
Employee Alumnus
‎2023-04-04 08:32 PM
In response to the_rock
Jump to solution

@the_rock  Updated the SK accordingly.

the_rock
Legend
Legend
‎2023-07-18 09:13 AM
In response to VenkateshM
Jump to solution

Just to help out further if anyone has same doubt, here is easy way to check the package name.

Cheers,

Andy

 

 

 

Screenshot_1.png

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events