{
	"id": "8f8e759c-12c1-416e-9ba4-85c3614a82c2",
	"created_at": "2026-04-06T00:11:39.754867Z",
	"updated_at": "2026-04-10T03:22:04.922035Z",
	"deleted_at": null,
	"sha1_hash": "307d2d49ada1e44bdfdf26808c3f1a2855293ec7",
	"title": "APP-12 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46264,
	"plain_text": "APP-12 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 21:45:25 UTC\r\nMobile Threat Catalogue\r\nMalicious Device Information Gathering\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-12\r\nThreat Description: Persistent information that can be used to identify or characterize a specific mobile device in one or\r\nmore contexts, such as IMEI, IMSI, MAC address, phone number, mobile OS, or installed apps, may be collected by a\r\nmalicious or privacy-invasive app to facilitate future attacks. These values, particularly in combination, greatly increase\r\npotential for geo-physical or behavioral tracking, device fingerprinting, and impersonation attacks against the device or its\r\nuser.\r\nThreat Origin\r\nThe Google Android Security Team’s Classifications for Potentially Harmful Applications 1\r\nExploit Examples\r\nSlembunk: An Evolving Android Trojan Family 2\r\nAn investigation of Chrysaor Malware on Android 3\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the sideloading of apps, which may bypass security checks on\r\nthe app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.\r\nPerform application vetting to identify inappropriate behaviors by apps including permission requests made by the apps\r\nUse application threat intelligence data about potential data collection risks associated with apps installed on devices\r\nMobile Device User\r\nUse Android Verify Apps feature to identify apps that may abuse permissions to perform data collection.\r\nConsider the use of devices that support Android 11 or higher, in which applications have limited visibility of what other\r\napps are on the device.\r\nReferences\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-12.html\r\nPage 1 of 2\n\n1. The Google Android Security Team’s Classifications for Potentially Harmful Applications, Apr. 2016;\r\nhttps://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classificati\r\n[accessed 8/25/2016] ↩\r\n2. W. Zhou et al., “Slembunk: An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps”, blog,\r\n17 Dec. 2015; www.fireeye.com/blog/threat-research/2015/12/slembunk_an_evolvin.html [accessed 8/25/2016] ↩\r\n3. “An investigation of Chrysaor Malware on Android”, blog, 3 Apr. 2017; https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html [accessed 4/5/2017] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-12.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-12.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-12.html"
	],
	"report_names": [
		"APP-12.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434299,
	"ts_updated_at": 1775791324,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/307d2d49ada1e44bdfdf26808c3f1a2855293ec7.pdf",
		"text": "https://archive.orkl.eu/307d2d49ada1e44bdfdf26808c3f1a2855293ec7.txt",
		"img": "https://archive.orkl.eu/307d2d49ada1e44bdfdf26808c3f1a2855293ec7.jpg"
	}
}