{
	"id": "b3b6260b-2492-4b06-b336-ff8e013d486d",
	"created_at": "2026-04-06T01:29:21.888898Z",
	"updated_at": "2026-04-10T03:21:13.454965Z",
	"deleted_at": null,
	"sha1_hash": "0f9fc6a852a98ca0c9af038d041072bc7fadf5ec",
	"title": "APP-30 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45243,
	"plain_text": "APP-30 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 01:19:43 UTC\r\nMobile Threat Catalogue\r\nExfiltration Evades Analysis\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-30\r\nThreat Description: Malicious apps that collect and exfiltrate sensitive data have multiple communication\r\nchannels available. In addition to using encryption, steganography, or other obfuscation techniques over an\r\ninspected Wi-Fi connection, apps may exfiltrate data over a cellular connection, which cannot be directly analyzed\r\nusing an enterprise network security mechanism. While requiring a receiver with proximity to the device, apps can\r\nalso potentially exfiltrate data over Bluetooth or NFC connections. Common use of these channels are interfaces\r\nto device peripherals or short-range data transfers, making these channels less likely to be monitored by enterprise\r\nsecurity mechanisms.\r\nThreat Origin\r\nDissecting Android Malware: Characterization and Evolution 1\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app\r\nstores.\r\nUse application threat intelligence data about potential data exfiltration risks associated with apps installed on\r\nCOPE or BYOD devices\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html\r\nPage 1 of 2\n\nUse app-vetting tools or services to identify apps that appear to exfiltrate data.\r\nMobile Device User\r\nUse Android Verify Apps feature to identify apps that may abuse communication channels to exfiltrate data.\r\nReferences\r\n1. Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of\r\nthe 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109;\r\nhttp://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html"
	],
	"report_names": [
		"APP-30.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775438961,
	"ts_updated_at": 1775791273,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0f9fc6a852a98ca0c9af038d041072bc7fadf5ec.pdf",
		"text": "https://archive.orkl.eu/0f9fc6a852a98ca0c9af038d041072bc7fadf5ec.txt",
		"img": "https://archive.orkl.eu/0f9fc6a852a98ca0c9af038d041072bc7fadf5ec.jpg"
	}
}