Abstract
Mobile apps should be deployed with care because they can pose substantial risk to enterprise organizations due to their potential to contain exploitable vulnerabilities, malicious code, or privacy-violating behaviors. Even apps from the Apple App Store or Google Play are not free of these risks. Mobile app vetting solutions can automate analysis of third-party mobile apps to help enterprises determine whether an app is safe to deploy on their mobile devices, but this is primarily a human-driven process that is time-consuming. A new, automated approach called continuous app vetting is emerging that attempts to automate this entire process through the use of app behavior rulesets and enforcement via enterprise mobility management (EMM) solutions. This study sought to develop a set of configurations and rulesets for continuous app vetting to be used by enterprises to identify potentially malicious, exploitable, or privacy-violating behavior of apps; define rulesets governing acceptable/unacceptable mobile app behavior; and describe how to apply mitigations individually to apps via EMM.
Notes
- 2. ATT&CK for Mobile provides a capability to query a specific mitigation such as app vetting and retrieve all of the techniques that list that mitigation.
- 3. “Kryptowire” - https://www.kryptowire.com/.
Acknowledgement
The MITRE authors conducted this work under Homeland Security Systems Engineering Institute (HSSEDI) Task Order 70RSAT19FR0000019. The MITRE Corporation operates HSSEDI under Department of Homeland Security (DHS) contract number HSHQDC-14-D-00006. Approved for Public Release; Distribution Unlimited. Public Release Case Number 20-2309.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Northern, C., Peck, M., Thairu, J., Sritapan, V. (2021). Mobile Per-app Security Settings. In: Arai, K. (eds) Advances in Information and Communication. FICC 2021. Advances in Intelligent Systems and Computing, vol 1363. Springer, Cham. https://doi.org/10.1007/978-3-030-73100-7_51
DOI: https://doi.org/10.1007/978-3-030-73100-7_51
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-73099-4
Online ISBN: 978-3-030-73100-7
eBook Packages: Intelligent Technologies and Robotics (R0)