Test ability to evade automated mobile application security analysis performed by app stores
Many mobile devices are configured to only allow applications to be installed from the mainstream vendor app stores (e.g., Apple App Store and Google Play Store). An adversary can submit to these stores multiple code samples that are deliberately designed to probe the stores' security analysis capabilities, with the goal of determining effective techniques to place malicious applications in the stores that could then be delivered to targeted devices. [1] [2] [3] [4]
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: The app store operators (e.g., Apple and Google) may detect the attempts, but the attempts would not be observable to those being attacked.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: An adversary can submit code remotely using throwaway accounts, although a registration fee may need to be paid for each new account (e.g., $99 for Apple and $25 for Google Play Store).
References
- Jon Oberheide and Charlie Miller. (2012). DISSECTING THE ANDROID BOUNCER. Retrieved April 12, 2017.
- Nicholas J. Percoco and Sean Schulte. (2012). Adventures in BouncerLand. Retrieved April 12, 2017.
- Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. (2013). Jekyll on iOS: When Benign Apps Become Evil. Retrieved April 12, 2017.
- Claud Xiao. (2016). Fruit vs Zombies: Defeat Non-jailbroken iOS Malware. Retrieved April 12, 2017.