Threat Category: Malicious or privacy-invasive application
ID: APP-21
Threat Description: App vetting methods designed to detect malicious code are complicated by various code obfuscation techniques such as sandbox detection, encryption, and dead code (malicious functions unreachable by normal program execution). As a result, a malicious app subjected to app vetting may appear free of harmful code and safe to publish or distribute.
Threat Origin
Dissecting Android Malware: Characterization and Evolution 1
Exploit Examples
Not Applicable
CVE Examples
Possible Countermeasures
Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.
Use app-vetting tools or services to identify untrusted apps that contain encrypted or obfuscated code.
Use application threat intelligence data about apps that contain encrypted or obfuscated code
Mobile Device UserUse Android Verify Apps feature to identify potentially harmful apps.
Mobile App DeveloperTo mitigate your app being detected as potentially malicious, do not arbitrarily encrypt or obfuscate code.
References
Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109; http://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016] ↩