Mobile Threat Catalogue

Insufficient Security Practices of Third-Party App Stores


Threat Category: Mobile OS & Vendor Infrastructure


Threat Description: The integrity of third-party application stores is tough to verify, and therefore tough to ensure that proper app vetting processes are in place. Not properly vetting app package files can lead to malicious applications being distributed.

Threat Origin

Security Guidance for Critical Areas of Mobile Computing 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


Prohibit users from installing apps from unofficial and authorized app stores.

Use app-vetting tools or services to determine that enterprise apps appear free from malicious behaviors or vulnerabilities prior to authorizing their use.


  1. Security Guidance for Critical Areas of Mobile Computing, white paper, Cloud Security Alliance; [accessed 8/29/2016]