Threat Category: Malicious or privacy-invasive application
Threat Description: Apps that have been granted permission to Location Services or similar OS-provided services can abuse this permission to report device outside of what may be needed to support legitimate app functionality (e.g. navigation). Device location data may facilitate further attacks such as geo-physical or behavioral tracking of the user.
Dissecting Android Malware: Characterization and Evolution 1
An investigation of Chrysaor Malware on Android 2
Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.
Deploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.
Use application threat intelligence data about potential abuse of location services associated with apps installed on COPE or BYOD devicesMobile Device User
Use Android Verify Apps feature to identify apps that may abuse location services.
When apps that require location services (e.g., map services) are not in use, use OS-provided settings to globally disable access to location services
When using untrusted apps that require locations services (e.g., map services), use OS-provided settings to revoke access to location services once the app is no longer in use.
Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109; http://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016] ↩
“An investigation of Chrysaor Malware on Android”, blog, 3 Apr. 2017; https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html [accessed 4/5/2017] ↩