{
	"id": "125ea4f6-6d9e-47e3-bfd7-f9dbb8838c24",
	"created_at": "2026-04-06T00:21:11.038544Z",
	"updated_at": "2026-04-10T03:20:48.902936Z",
	"deleted_at": null,
	"sha1_hash": "3bae4ee004defa051ac4cdd23e95556bbce4260e",
	"title": "APP-0 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51240,
	"plain_text": "APP-0 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 21:44:22 UTC\r\nMobile Threat Catalogue\r\nEavesdropping on Unencrypted App Traffic\r\nContribute\r\nThreat Category: Vulnerable Applications\r\nID: APP-0\r\nThreat Description: Transmission of app or device data unencrypted allows any attacker with access to the\r\nphysical media channel (e.g. proximity to wireless radios) to intercept that data. Even if the data is not directly\r\nsensitive, it may in combination with other data, allow an attacker in infer sensitive information or conduct other\r\nattacks against the user or device (e.g. geo-physical tracking, social engineering, phishing, watering-hole attacks).\r\nThreat Origin\r\nNot Applicable, See Exploit or CVE Examples\r\nExploit Examples\r\nRemote Code Execution as System User on Samsung Phones 1\r\nInsecurity Cameras and Mobile Apps: Surveillance or Exposure? 2\r\nTeam Joch vs. Android 3\r\nCBS App \u0026 Mobility Website 4\r\nThe Fork 5\r\nCard Crypt 6\r\nCVE Examples\r\nCVE-2015-4640\r\nCVE-2017-2412\r\nPossible Countermeasures\r\nMobile Device User\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-0.html\r\nPage 1 of 2\n\nTo use HTTPS for web servers that support both HTTP and HTTPS, prepend URLs entered into the browser\r\nlocation bar with ‘https://’.\r\nMobile App Developer\r\nImplement secure communications in apps. On iOS, use the App Transport Security feature. On Android, opt out\r\nof the use of Cleartext traffic.\r\nEnterprise\r\nUse app vetting tools/services that can detect the use of cleartext traffic in mobile apps before deployment within\r\nyour organization.\r\nTo protect the confidentiality of enterprise data against passive interception, particularly when mobile devices may\r\nbe connected to public networks (e.g. coffee shop Wi-Fi), deploy mobile VPN technologies to encapsulate\r\npotentially clear-text network traffic with a layer of strong encryption.\r\nReferences\r\n1. R. Welton, “Remote Code Execution as System User on Samsung Phones”, blog, 16 June 2015;\r\nwww.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/\r\n[accessed 8/25/2016] ↩\r\n2. J. V. Dyke, “Insecurity Cameras and Mobile Apps: Surveillance or Exposure?”, blog, 6 Jan. 2016;\r\nwww.nowsecure.com/blog/2016/01/06/insecurity-cameras-and-mobile-apps-surveillance-or-exposure/\r\n[accessed 8/25/2016] ↩\r\n3. J. Oberheide and Z. Lanier, “Team Joch vs. Android”, presented at ShmooCon 2011, 28-30 Jan. 2011, slide\r\n54; https://jon.oberheide.org/files/shmoo11-teamjoch.pdf [accessed 8/25/2016] ↩\r\n4. CBS App \u0026 Mobility Website, Wandera Threat Advisory No. 192, Wandera, 23 Mar. 2016;\r\nwww.wandera.com/resources/dl/TA_CBS.pdf [accessed 8/24/2016] ↩\r\n5. The Fork, Wandera Threat Advisory No. 154, Wandera, 14 Jan. 2016;\r\nwww.wandera.com/resources/dl/TA_The_Fork.pdf [accessed 8/24/2016] ↩\r\n6. Card Crypt, Wandera Threat Advisory No. 142, Wandera, 9 Dec. 2015;\r\nwww.wandera.com/resources/dl/TA_CardCrypt.pdf [accessed 8/24/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-0.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-0.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-0.html"
	],
	"report_names": [
		"APP-0.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434871,
	"ts_updated_at": 1775791248,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3bae4ee004defa051ac4cdd23e95556bbce4260e.pdf",
		"text": "https://archive.orkl.eu/3bae4ee004defa051ac4cdd23e95556bbce4260e.txt",
		"img": "https://archive.orkl.eu/3bae4ee004defa051ac4cdd23e95556bbce4260e.jpg"
	}
}