Test ability to evade automated mobile application security analysis performed by app stores

Technique ID: PRE-T1170
Tactic: Test Capabilities

Definition

Many mobile devices are configured to only allow applications to be installed from the mainstream vendor app stores (e.g., Apple App Store and Google Play Store). An adversary can submit multiple code samples to these stores deliberately designed to probe the stores' security analysis capabilities, with the goal of determining effective techniques to place malicious applications in the stores that could then be delivered to targeted devices. [1][2][3][4]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: An adversary can submit code remotely using throwaway accounts, although a registration fee may need to be paid for each new account (e.g., $99 for Apple and $25 for Google Play Store).

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The app store operators (e.g., Apple and Google) may detect the attempts, but the attempts would not be observable to those being attacked.