- Mobile Security Tutorial
- Mobile Security - Home
- Mobile Security - Introduction
- Mobile Security - Attack Vectors
- App Stores & Issues
- Mobile Security - Mobile Spam
- Mobile Security - Android OS
- Mobile Security - Android Rooting
- Mobile Security - Android Devices
- Mobile Security - Android Tools
- Mobile Security - Apple iOS
- iOS Device Tracking Tools
- Windows Phone OS
- Mobile Security - BlackBerry OS
- Mobile Security - BlackBerry Devices
- Mobile Security - MDM Solution
- SMS Phishing Countermeasures
- Mobile Security - Protection Tools
- Mobile Security - Pen Testing
- Mobile Security Useful Resources
- Mobile Security - Quick Guide
- Mobile Security - Useful Resources
- Mobile Security - Discussion
App Stores & Security Issues
An authenticated developer of a company creates mobile applications for mobile users. In order to allow the mobile users to conveniently browse and install these mobile apps, platform vendors like Google and Apple have created centralized market places, for example, PlayStore (Google) and AppStore (Apple). Yet there are security concerns.
Usually mobile applications developed by developers are submitted to these market places without screening or vetting, making them available to thousands of mobile users. If you are downloading the application from an official app store, then you can trust the application as the hosting store has vetted it. However, if you are downloading the application from a third-party app store, then there is a possibility of downloading malware along with the application because third-party app stores do not vet the apps.
The attacker downloads a legitimate game and repackages it with malware and uploads the mobile apps to a third-party application store from where the end users download this malicious gaming application, believing it to be genuine. As a result, the malware gathers and sends user credentials such as call logs/photo/videos/sensitive docs to the attacker without the user's knowledge.
Using the information gathered, the attacker can exploit the device and launch any other attack. Attackers can also socially engineer users to download and run apps outside the official apps stores. Malicious apps can damage other applications and data, sending your sensitive data to attackers.
App Sandboxing Issues
Sandbox helps the mobile users by limiting the resources that an application uses in the mobile device. However, many malicious applications can overpass this allowing the malware to use all the device processing capabilities and user data.
Secure Sandbox
It is an environment where each application runs its allocated resources and data so the applications are secure and cannot access other application resources and data.
Vulnerable Sandbox
It is an environment where a malicious application is installed and it exploits the sandbox by allowing itself to access all data and resources.