ECO-22 · Mobile Threat Catalogue

Mobile Threat Catalogue

App Store Vetting Bypass

Contribute

Threat Category: Mobile Application Store

ID: ECO-22

Threat Description: Applications that can bypass app store’s analysis or vetting techniques can implant malware in a legitimate app store.

Threat Origin

Researchers Find Methods for Bypassing Google’s Bouncer Android Security 1

Exploit Examples

Dissecting the Android Bouncer 2

Adventures in Bouncerland 3

Malware designed to take over cameras and record audio enters Google Play 4

CVE Examples

Not Applicable

Possible Countermeasures

Enterprise

Use app-vetting tools or services to determine that apps appear free of malicious behaviors or vulnerabilities prior to authorizing their use.

To decrease the time to detection for malicious apps, use app threat intelligence services to detect malicious apps installed on devices

Educate end users to scrutinize the permissions requested by apps, particularly if an updated version requests significantly different permissions than previous ones.

Mobile Device User

To decrease the time to detection for malicious apps on Android devices, use Android Verify Apps feature.

References

  1. D. Fisher, “Researchers Find Methods for Bypassing Google’s Bouncer Android Security,” blog, 4 June 2012; https://threatpost.com/researchers-find-methods-bypassing-googles-bouncer-android-security-060412/76643/ 

  2. J. Miller and C. Oberheide, Dissecting the Android Bouncer, Summercon, June 2012. https://jon.oberheide.org/files/summercon12-bouncer.pdf [accessed 8/25/16] 

  3. N.J. Percoco and S. Schulte, Adventures in BouncerLand, presented at BlackHat, 25 July 2012. https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf [accessed 8/25/16] 

  4. D. Goodin, “Malware designed to take over cameras and record audio enters Google Play”, Ars Technica, 7 Mar. 2014; http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/ [accessed 8/25/2016]