Mobile Threat Landscape reports steady decrease in blacklisted apps
|Christian Hargrave in Security Friday, June 1, 2018|
Mobile Threat Landscape Q1 2018 Report finds that the number of blacklisted apps on the mobile app stores is steadily declining over the last 4 quarters.
In March, an app called Calendar 2, which appeared in the Apple App Store, began mining Monero digital currency on user devices. Although the app disclosed this activity and offered the option for users to pay fees instead - or use the app with all advanced features disabled - the app developers set mining as the default option, which meant users would have to opt-out rather than opt-in. The app described mining as "free" for the user, which is misleading because of the significant energy and computing costs associated with mining activity. Ultimately, bugs that caused the app to continue mining, despite users opting out and used excessive CPU usage, caused the developer to pull the app from the store after a short period.
Also in Q1, RiskIQ issued an alert warning of blacklisted apps masquerading as or associating themselves with Bitcoin exchanges, Bitcoin wallets, or just “cryptocurrency” in general. These are indicative of the rise of digital currencies and their attractiveness as an income stream for both crooks and legitimate businesses.
The Mobile Threat Report also showed that malicious mobile apps continued to decline, despite the number of total apps observed by the company increasing over the last four quarters. In Q1, 21,948, or 1.4%, of the total of 1,508,825 newly observed apps were blacklisted, which is a lower percentage than in the previous four quarters.
The numbers of blacklisted feral apps declined for the fourth-straight quarter, from 3,507 in Q4 2017 to 1,981 in Q1 2018, but still represents a significant portion of all blacklisted apps; forty-six percent of feral apps were blacklisted in Q1 2018. Meanwhile, Google hosted 8,287 blacklisted apps in Q1, which is consistent with previous quarters and outpaces the next most blacklisted store, AndroidAPKDescargar, by 4,595. Although the Play Store consistently had high numbers of blacklisted apps between Q3 2017 and Q1 2018, its rate of blacklisted apps has hovered around a relatively modest five percent.
The report found that many blacklisted apps shared several of the same permissions. Eighty-six percent of apps blacklisted in Q1 claimed the READ_SMS permission, which allows the app to read messages and can be used for any number of nefarious purposes, including circumventing two-factor authentication. Most of the apps that can read messages can also track location, read and write to the call log, generate alert windows, change settings and other dubious requests. Among apps blacklisted in the Google Play Store, 1,207 access the phone's camera, nearly 800 of which also record location data and about 600 record audios
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.