L18 - T18C - S2 – Mobile App Source Security Concerns


10 Terms

1

Trusted App Source

A place from which you can download and install applications with a high degree of confidence in their safety and security e.g. Apple Store/Google Play Store — (Goog)

  • An app store that is managed by a service provider

2

Factors which enable an App Store to be trusted

  • Service provider authenticates and authorizes valid developers

    • Issues certificates that developers use to sign their apps and show they are trusted

  • Service provider may also analyse code submitted

    • Ensures it does not pose a security or privacy risk to its customers

  • Service provider may employ other policies e.g.

    • Not allowing apps with adult content

    • Not allowing apps that duplicate the function of core OS apps 

3

Typical methods used by rogue apps to get onto the app store

  • Spoofing a legitimate app by using a very similar name

  • Using fake reviews and automated downloads to boost popularity

Common Apps Targeted

  • VPN, fake antivirus/ad blockers, and dating apps

    • Typically function as spyware

4

True

  • Enterprises often need/want custom apps

  • It might not be appropriate to deliver a custom corporate app via a public store, where anyone could download it

True or False: The default options/trusted app stores do not always satisfy enterprises

5

The Solutions used by Apple & Android to Distribute Private Enterprise Apps

Both essentially use an MDM suite to push apps from the private channel to the device

  • Apple — Enterprise developer and distribution programs

    • Allows private app distribution via Apple Business Manager

  • Google Play Store — Private Channel

    • Managed Google Play

6

True

  • But only if this option is enabled by the user.

    • “Unknown sources” must be enabled

True or False: Unlike iOS, Android allows for selection of different stores and installation of untrusted apps from any third party

7

“Unknown Sources” Enabled

  • Android feature in settings which allows untrusted apps to be downloaded from a website and installed using the APK file format

    • This is referred to as “sideloading”

  • Enabling this option obviously weakens the device’s security

    • MDM might be used to prevent the use of third-party stores or sideloading and block unapproved app sources

8

Safety Suggestions if enabling “Unknown Sources” on Android

  • Use other methods to ensure that

    • Only legitimate enterprise apps are sideloaded

    • The device is monitored closely to detect unauthorized apps

9

APK

Android app package format used when sideloading software from a source other than a trusted store – (A+)

10

Bootleg App

Software that illegally copies or imitates a commercial product or brand – (A+) 

  • Infringes licensing and copyrights

  • Can expose the device to risks from malware