Threat Category: Mobile Application Store
ID: ECO-22
Threat Description: Applications that can bypass an app store’s analysis or vetting techniques can implant malware in a legitimate app store.
Threat Origin
Researchers Find Methods for Bypassing Google’s Bouncer Android Security [1]
Exploit Examples
Dissecting the Android Bouncer [2]
Adventures in Bouncerland [3]
Malware designed to take over cameras and record audio enters Google Play [4]
CVE Examples
Not Applicable
Possible Countermeasures
Use app-vetting tools or services to determine that apps appear free of malicious behaviors or vulnerabilities prior to authorizing their use.
To decrease the time to detection for malicious apps, use app threat intelligence services to detect malicious apps installed on devices.
Educate end users to scrutinize the permissions requested by apps, particularly if an updated version requests significantly different permissions than previous ones.
Mobile Device User
To decrease the time to detection for malicious apps on Android devices, use the Android Verify Apps feature.
References
1. D. Fisher, “Researchers Find Methods for Bypassing Google’s Bouncer Android Security,” blog, 4 June 2012; https://threatpost.com/researchers-find-methods-bypassing-googles-bouncer-android-security-060412/76643/
2. J. Miller and C. Oberheide, Dissecting the Android Bouncer, Summercon, June 2012. https://jon.oberheide.org/files/summercon12-bouncer.pdf [accessed 8/25/16]
3. N.J. Percoco and S. Schulte, Adventures in BouncerLand, presented at BlackHat, 25 July 2012. https://ia601905.us.archive.org/4/items/blackhat2012usaslides/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf [accessed 7/27/22]
4. D. Goodin, “Malware designed to take over cameras and record audio enters Google Play”, Ars Technica, 7 Mar. 2014; http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/ [accessed 8/25/2016]