OS-vendor provided communication channels
Google and Apple provide Google Cloud Messaging and Apple Push Notification Service, respectively. These services are designed to enable efficient communication between third-party mobile app backend servers and the mobile apps running on individual devices. They maintain an encrypted connection between every mobile device and Google or Apple that cannot easily be inspected and must be allowed to traverse networks as part of normal device operation. Adversaries could use these services to communicate with compromised mobile devices.[1][2]
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: These are free services provided by Google and Apple to app developers, and information on how to use them is readily available.
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: These services are heavily utilized by mainstream mobile app developers. The high volume of communications makes it extremely hard for a defender to distinguish between legitimate and adversary communications.