Semantics-aware android malware classification
US-2016057159-A1 · Feb 25, 2016 · US
US9852294B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9852294-B1 |
| Application number | US-201414313739-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jun 24, 2014 |
| Priority date | Jun 24, 2014 |
| Publication date | Dec 26, 2017 |
| Grant date | Dec 26, 2017 |
Official abstract text for this publication.
The disclosed computer-implemented method for detecting suspicious applications based on how entry-point functions are triggered may include (1) identifying an application that is capable of accessing a data-access Application Programming Interface (API) programmed to provide access to sensitive information located on a computing system and/or a data-transfer API programmed to send information outside of the computing system, (2) identifying an entry-point function of the application whose execution results in a call to the data-access API and/or the data-transfer API, (3) determining how the entry-point function is triggered, (4) determining whether the application is suspicious based on how the entry-point function is triggered, and (5) performing a security action based on whether the application is suspicious. Various other methods, systems, and computer-readable media are also disclosed.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for detecting suspicious applications based on how entry-point functions are triggered, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying an application that is capable of accessing: a data-access Application Programming Interface (API) programmed to provide access to sensitive information located on a computing system; and a data-transfer API programmed to send information outside of the computing system; identifying, as part of statically analyzing the application before the application is executed, an entry-point function that acts as a point of entry into the application whose execution results in a call to at least one of: the data-access API; and the data-transfer API; determining, as part of statically analyzing the application before the application is executed, that the entry-point function is a type of function that is not triggered in response to a user's interaction with the application; determining, as part of statically analyzing the application before the application is executed based at least in part on determining that the entry-point function is the type of function that is not triggered in response to a user's interaction with the application, that the application is suspicious; and performing, in response to determining that the application is suspicious, a security action.

2. The method of claim 1, wherein identifying the entry-point function comprises: building, without executing the application, a data-flow graph that comprises a leak path from the data-access API to the data-transfer API; analyzing the data-flow graph to determine that execution of the entry-point function results in the leak path from the data-access API to the data-transfer API.

3. The method of claim 1, wherein: identifying the application comprises determining that the application is capable of leaking sensitive information outside of the computing system via the data-access API and the data-transfer API; identifying the entry-point function comprises determining that the execution of the entry-point function results in a call to both of the data-access API and the data-transfer API.

4. The method of claim 1, wherein determining that the entry-point function is the type of function that is not triggered in response to a user's interaction with the application comprises identifying a predetermined trigger-type classification of the entry-point function that indicates that the entry-point function is not triggered in response to a user's interaction with the application.

5. The method of claim 4, wherein identifying the predetermined trigger-type classification of the entry-point function comprises determining that the entry-point function is included in a predetermined list of automatically-initiated functions.

6. The method of claim 1, wherein the entry-point function comprises at least one of: a callback method; an event listener; and an application-lifecycle function.

7. The method of claim 6, wherein performing the security action comprises labeling the application as suspicious.

8. The method of claim 6, wherein performing the security action comprises informing a user that the application may leak the user's sensitive information without the user interacting with the application.

9. The method of claim 1, wherein the steps of identifying the entry-point function and determining that the entry-point function is the type of function that is not triggered in response to a user's interaction with the application are performed as part of a static data-flow analysis of the application.

10. The method of claim 1, wherein: the data-access API comprises at least one of: an account access API; a browser-bookmark access API; a browser-history access API; a calendar access API; a camera access API; a contact access API; a location access API; a message access API; an external-storage access API; a microphone access API; a phone-call access API; the data-transfer API comprises at least one of: a message transfer API; a network transfer API; a phone-call transfer API.

11. A system for detecting suspicious applications based on how entry-point functions are triggered, the system comprising: an application-identifying module, stored in memory, that identifies an application that is capable of accessing: a data-access Application Programming Interface (API) programmed to provide access to sensitive information located on a computing device; and a data-transfer API programmed to send information outside of the computing device; a function-identifying module, stored in memory, that identifies, as part of statically analyzing the application before the application is executed, an entry-point function that acts as a point of entry into the application whose execution results in a call to at least one of: the data-access API; and the data-transfer API; a trigger-determining module, stored in memory, that determines, as part of statically analyzing the application before the application is executed, that the entry-point function is a type of function that is not triggered in response to a user's interaction with the application; a suspicion-determining module, stored in memory, that determines, as part of statically analyzing the application before the application is executed, that the application is suspicious based at least in part on a determination that the entry-point function is the type of function that is not triggered in response to a user's interaction with the application; a security module, stored in memory, that performs a security action in response to a determination that the application is suspicious; and at least one hardware processor that executes the application-identifying module, the function-identifying module, the trigger-determining module, the suspicion-determining module, and the security module.

12. The system of claim 11, wherein the function-identifying module identifies the entry-point function by: building, without executing the application, a data-flow graph that comprises a leak path from the data-access API to the data-transfer API; analyzing the data-flow graph to determine that execution of the entry-point function results in the leak path from the data-access API to the data-transfer API.

13. The system of claim 11, wherein: the application-identifying module identifies the application by determining that the application is capable of leaking sensitive information outside of the computing device via the data-access API and the data-transfer API; the function-identifying module identifies the entry-point function by determining that the execution of the entry-point function results in a call to both of the data-access API and the data-transfer API.

14. The system of claim 11, wherein the trigger-determining module determines that the entry-point function is the type of function that is not triggered in response to a user's interaction with the application by identifying a predetermined trigger-type classification of the entry-point function that indicates that the entry-point function is not triggered in response to a user's interaction with the application.

15. The system of claim 14, wherein the trigger-determining module identifies the predetermined trigger-type classification of the entry-point function by determining that the entry-point function is included in a predetermined list of automatically-initiated functions.

16. The system of claim 11, wher
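The claimed check can be run entirely before the app executes: enumerate its entry points, decide for each whether a leak path (a data-access API whose result reaches a data-transfer API) is reachable from it, and flag the app when such an entry point is automatically initiated rather than triggered by the user. The Python model below is an added example written for this page, not code from the patent or its assignee. The graph format, the API and callback names, and the three sample apps are all constructed for illustration; a real implementation would derive the data-flow graph from the app's bytecode rather than from a hand-written dictionary.

```python
"""Static leak-path check on a data-flow graph, modelled on the claims above.

Added example written for this page, not code from the patent or its assignee.
The graph format, the API and callback names and the sample apps below are
all constructed for illustration.
"""

# Claim 10 lists categories of data-access (source) and data-transfer (sink)
# APIs; these node names stand in for concrete platform APIs (constructed).
DATA_ACCESS_APIS = {
    "ContactsAPI.read",             # contact access API
    "LocationAPI.getLastLocation",  # location access API
    "CalendarAPI.query",            # calendar access API
}
DATA_TRANSFER_APIS = {
    "NetworkAPI.httpPost",  # network transfer API
    "SmsAPI.sendText",      # message transfer API
}

# Claim 5: a predetermined list of automatically-initiated entry points
# (claim 6: callbacks, event listeners, lifecycle functions). The names are
# assumed Android-style method names used only as labels here.
AUTO_INITIATED_ENTRY_POINTS = {
    "BootReceiver.onReceive",              # broadcast callback
    "SyncService.onStartCommand",          # service lifecycle function
    "MainActivity.onCreate",               # activity lifecycle function
    "LocationListener.onLocationChanged",  # event listener
}


def find_leak_paths(graph, entry_point):
    """Claim 2: find every path entry_point -> ... -> data-access API -> ...
    -> data-transfer API in `graph`, a dict mapping each method or API node to
    the nodes it calls or passes data to. Depth-first search; cycles skipped."""
    leaks = []

    def dfs(node, path, seen_source):
        if node in DATA_TRANSFER_APIS and seen_source:
            leaks.append(tuple(path))
            return
        for nxt in graph.get(node, ()):
            if nxt in path:
                continue
            dfs(nxt, path + [nxt], seen_source or nxt in DATA_ACCESS_APIS)

    dfs(entry_point, [entry_point], entry_point in DATA_ACCESS_APIS)
    return leaks


def classify_app(graph, entry_points, auto_list=AUTO_INITIATED_ENTRY_POINTS):
    """Claims 1, 4 and 5: an app is suspicious when a leak path is reachable
    from an entry point that is not triggered by user interaction. Returns the
    verdict and, per leaking entry point, its trigger classification and paths."""
    evidence = {}
    for ep in entry_points:
        paths = find_leak_paths(graph, ep)
        if paths:
            evidence[ep] = {"auto_initiated": ep in auto_list, "paths": paths}
    suspicious = any(v["auto_initiated"] for v in evidence.values())
    return ("suspicious" if suspicious else "benign"), evidence


def security_action(app_name, verdict, evidence):
    """Claims 7 and 8: label the app and tell the user which automatically
    initiated entry points could leak data without any interaction."""
    if verdict != "suspicious":
        return f"{app_name}: no action"
    eps = sorted(ep for ep, v in evidence.items() if v["auto_initiated"])
    return (f"{app_name}: labeled suspicious; may leak sensitive information "
            f"without user interaction via {', '.join(eps)}")


# Constructed sample apps. Edges model "calls or passes data to"; an edge out
# of an API node means the value it returned flows onward.
SHARE_APP = {  # contacts leave the device only after the user taps Share
    "MainActivity.onCreate": ["Ui.render"],
    "MainActivity.onShareClicked": ["ContactsAPI.read"],
    "ContactsAPI.read": ["NetworkAPI.httpPost"],
}
SHARE_APP_ENTRY_POINTS = ["MainActivity.onCreate", "MainActivity.onShareClicked"]

BOOT_APP = {  # location is collected and posted from a boot-time callback
    "BootReceiver.onReceive": ["Uploader.collect"],
    "Uploader.collect": ["LocationAPI.getLastLocation"],
    "LocationAPI.getLastLocation": ["Uploader.send"],
    "Uploader.send": ["NetworkAPI.httpPost"],
}
BOOT_APP_ENTRY_POINTS = ["BootReceiver.onReceive"]

SYNC_APP = {  # a service talks to the network but touches no sensitive API
    "SyncService.onStartCommand": ["NetworkAPI.httpPost"],
}
SYNC_APP_ENTRY_POINTS = ["SyncService.onStartCommand"]

if __name__ == "__main__":
    for name, graph, eps in [("ShareApp", SHARE_APP, SHARE_APP_ENTRY_POINTS),
                             ("BootApp", BOOT_APP, BOOT_APP_ENTRY_POINTS),
                             ("SyncApp", SYNC_APP, SYNC_APP_ENTRY_POINTS)]:
        verdict, evidence = classify_app(graph, eps)
        print(security_action(name, verdict, evidence))
```

The classifier deliberately treats a leak path behind a user-triggered handler as not suspicious on its own; that is the distinction claims 1, 4 and 5 draw. The same source-to-sink flow behind a boot receiver or service lifecycle callback is what gets flagged, and the evidence dictionary keeps the concrete path so the security action can name the entry point to the user.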
CPC classification titles:

- Assessing vulnerabilities and evaluating computer system security
- Event detection, e.g. attack signature detection
- Static detection
- Vulnerability analysis
- the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms