Real-time protection against malicious mobile traffic

The name of Mitre's intrusion-prevention app for Android might be less than transparent, but its purpose is not. APE was designed to monitor network traffic on smartphones and block any activity that isn’t playing by the rules, whether it comes from malware, viruses or a hacker.

Cybersecurity Finalists

APE: Novel Intrusion Prevention for Android
Department of Homeland Security

Baseline Tailor
National Institute of Standards and Technology, Department of Commerce

Continuous Diagnostics and Mitigation Program

Derived PIV Credentials for Mobile Devices
Federal Emergency Management Agency, DHS

Security Accreditation in the C2S Isolated Cloud Region
Intelligence Community


“I initially focused on a slightly different problem,” said Mark Mitchell, APE’s developer and a senior multidiscipline systems engineer at Mitre. “In my personal experience, I noticed what seemed to be a lack of publicly available information about what types of attacks were being used against smartphones in the wild. This caused me to look into monitoring network traffic on smartphones.”

Then Mitchell had an “Aha!” moment. “Instead of just monitoring network traffic and recording statistics and metadata, I thought, ‘Why don’t I just block the attacks in real time?’”

Mitchell began building APE nearly two years ago but said it was put on hold for a time. “Then we were accepted into the Department of Homeland Security’s Transition to Practice Program, a technology accelerator that focuses on enabling technology transition from the lab into the broader marketplace,” he said. “They’ve helped us to further focus on a real-world problem and to validate the market and the technology itself.”

APE examines all IPv4 network traffic that enters and leaves the smartphone via cellular or Wi-Fi connections and then compares the traffic to a locally stored rule set that defines malicious behavior. If the traffic violates the rules, the app blocks the data packet. The app can also block specific IP addresses, likely attack byte patterns and unnecessary protocols.
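The rule check described above can be sketched as follows. This is an added example, not APE's code: the `RuleSet` layout, the function names and all sample addresses and signatures are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

@dataclass
class RuleSet:                     # hypothetical rule format, not APE's
    blocked_nets: list             # ipaddress.IPv4Network entries
    allowed_protocols: set         # IP protocol numbers; all others are dropped
    byte_patterns: list            # byte signatures searched for in the payload

def parse_ipv4(packet: bytes):
    """Return (protocol, src, dst, payload); raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than minimum IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 header")
    src, dst = (ipaddress.IPv4Address(packet[i:i + 4]) for i in (12, 16))
    return packet[9], src, dst, packet[ihl:total_len]

def verdict(packet: bytes, rules: RuleSet):
    """Return ("ALLOW" | "BLOCK", reason) for one raw IPv4 packet."""
    try:
        proto, src, dst, payload = parse_ipv4(packet)
    except ValueError as exc:
        return ("BLOCK", f"malformed: {exc}")      # fail closed
    for net in rules.blocked_nets:
        if src in net or dst in net:
            return ("BLOCK", f"address in {net}")
    if proto not in rules.allowed_protocols:
        return ("BLOCK", f"protocol {proto} not allowed")
    if any(pat in payload for pat in rules.byte_patterns):
        return ("BLOCK", "payload matches byte pattern")
    return ("ALLOW", "no rule matched")

def build_packet(src, dst, proto, payload=b""):
    """Construct a minimal IPv4 packet (checksum left at zero) as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

# Constructed rules using documentation address ranges and a placeholder signature.
RULES = RuleSet(blocked_nets=[ipaddress.ip_network("203.0.113.0/24")],
                allowed_protocols={6, 17},          # TCP and UDP only
                byte_patterns=[b"EXAMPLE-SIGNATURE"])
```

Matching one packet at a time, as this sketch does, misses a byte pattern that is split across IP fragments or TCP segments, and it cannot see inside encrypted payloads.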

According to Mitchell, APE is designed to be invisible to users unless a problem is detected. And a key to the app’s effectiveness is the fact that it is an app instead of part of the operating system.

“It operates in normal user space, so it can be updated much more quickly than the operating system itself,” Mitchell said. “A patch for Android typically takes at least a few weeks to deploy, or it can take months, or you may never get a patch.”

Mitchell said the future of APE — its exact feature set and market appearance — will be up to a commercialization partner. Although the timing is unclear, “we’ve had interest from a few companies,” he said.

And what about the name? The “A,” somewhat recursively, stands for “APE.” The “P” stands for “prevention.” And the “E”? It’s just the third letter in “prevention.”

Editor's note: This article was changed Oct. 9 to attribute Mitre as the developer/owner of the APE app.

About the Author

Patrick Marshall is a freelance technology writer for GCN.