Threat Category: Malicious or privacy-invasive application
ID: APP-26
Threat Description: Malicious applications that achieve privilege escalation in the context of the mobile OS, driver, peripheral firmware, or the kernel, may further achieve unauthorized access or modification of app, user, or system data, process memory, or execute other unauthorized actions on the device.
Threat Origin
Dissecting Android Malware: Characterization and Evolution 1
Exploit Examples
Not Applicable
CVE Examples
Possible Countermeasures
Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.
Deploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.
Use application threat intelligence data to identify apps that exploit the OS to achieve privilege escalation.
Use app-vetting tools or services to identify apps that exploit the OS to achieve privilege escalation.
To limit the opportunity for malicious apps to exploit known vulnerabilities, ensure timely installation of security updates.
Mobile Device UserUse the Android Verify Apps feature to identify potentially harmful apps.
To limit the opportunity for malicious apps to exploit known vulnerabilities, ensure timely installation of security updates.
References
Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109; http://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016] ↩