Threat Category: Mobile OS & Vendor Infrastructure
ID: ECO-3
Threat Description: The integrity of third-party application stores is tough to verify, and therefore tough to ensure that proper app vetting processes are in place. Not properly vetting app package files can lead to malicious applications being distributed.
Threat Origin
Security Guidance for Critical Areas of Mobile Computing 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Prohibit users from installing apps from unofficial and authorized app stores.
Use app-vetting tools or services to determine that enterprise apps appear free from malicious behaviors or vulnerabilities prior to authorizing their use.
References
Security Guidance for Critical Areas of Mobile Computing, white paper, Cloud Security Alliance; https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf [accessed 8/29/2016] ↩