ECO-22 · Mobile Threat Catalogue

Mobile Threat Catalogue

Bypass or evasion of application security analysis or vetting techniques to sneak an app into the store

Contribute

Threat Category: Mobile Application Store

ID: ECO-22

Threat Description:

Threat Origin

Researchers Find Methods for Bypassing Google’s Bouncer Android Security 1

Exploit Examples

Dissecting the Android Bouncer 2

Adventures in Bouncerland 3

Malware designed to take over cameras and record audio enters Google Play 4

CVE Examples

Not Applicable

Possible Countermeasures

Enterprise

Use app-vetting tools or services to determine that apps appear free of malicious behaviors or vulnerabilities prior to authorizing their use.

To decrease the time to detection for malicious apps, use app threat intelligence services to detect malicious apps installed on devices

Educate end users to scrutinize the permissions requested by apps, particularly if an updated version requests significantly different permissions than previous ones.

Mobile Device User

To decrease the time to detection for malicious apps on Android devices, use Android Verify Apps feature.

References

  1. D. Fisher, “Researchers Find Methods for Bypassing Google’s Bouncer Android Security,” blog, 4 June 2012; https://threatpost.com/researchers-find-methods-bypassing-googles-bouncer-android-security-060412/76643/ 

  2. J. Miller and C. Oberheide, Dissecting the Android Bouncer, Summercon, June 2012. https://jon.oberheide.org/files/summercon12-bouncer.pdf [accessed 8/25/16] 

  3. N.J. Percoco and S. Schulte, Adventures in BouncerLand, presented at BlackHat, 25 July 2012. https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf [accessed 8/25/16] 

  4. D. Goodin, “Malware designed to take over cameras and record audio enters Google Play”, Ars Technica, 7 Mar. 2014; http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/ [accessed 8/25/2016]