APP-21 · Mobile Threat Catalogue

Mobile Threat Catalogue

App vetting fails to detect malicious app code

Contribute

Threat Category: Malicious or privacy-invasive application

ID: APP-21

Threat Description: App vetting methods designed to detect malicious code are complicated by various code obfuscation techniques such as sandbox detection, encryption, and dead code (malicious functions unreachable by normal program execution). As a result, a malicious app subjected to app vetting may appear free of harmful code and safe to publish or distribute.

Threat Origin

Dissecting Android Malware: Characterization and Evolution 1

Exploit Examples

Not Applicable

CVE Examples

Possible Countermeasures

Enterprise

Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.

Use app-vetting tools or services to identify untrusted apps that contain encrypted or obfuscated code.

Use application threat intelligence data about apps that contain encrypted or obfuscated code

Mobile Device User

Use Android Verify Apps feature to identify potentially harmful apps.

Mobile App Developer

To mitigate your app being detected as potentially malicious, do not arbitrarily encrypt or obfuscate code.

References

  1. Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109; http://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016]