{ "id": "c7afcb4e-6528-4125-a4f2-0ee171699103", "created_at": "2026-04-29T08:21:25.827655Z", "updated_at": "2026-04-29T10:41:52.142833Z", "deleted_at": null, "sha1_hash": "59e741f51931e88dc98b707225de07754081c2aa", "title": "APP-13 · Mobile Threat Catalogue", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 45440, "plain_text": "APP-13 · Mobile Threat Catalogue\r\nArchived: 2026-04-29 07:08:17 UTC\r\nMobile Threat Catalogue\r\nSensitive Information Discovery via OS APIs\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-13\r\nThreat Description: Apps may be granted permission, by the user or by default, access common data stores provided by the\r\nmobile OS. Common stores are contacts lists, call history, calendar, notes, or app clipboard. When apps used in differing\r\npersonal and enterprise contexts have access to these stores, they may contain co-mingled personal and enterprise data. A\r\nmalicious or invasive app granted access to these locations can collect any sensitive data stored there, likely with an intent to\r\nexfiltrate it to the attacker.\r\nThreat Origin\r\nThe Google Android Security Team’s Classifications for Potentially Harmful Applications 1\r\nExploit Examples\r\nAn investigation of Chrysaor Malware on Android 2\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the sideloading of apps, which may bypass security checks on\r\nthe app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.\r\nPerform application vetting to identify privacy-invasive behaviors by apps.\r\nUse application threat intelligence data about potential privacy risks associated with apps installed on devices\r\nUse features such as Apple iOS Managed Apps, Android for Work, or Samsung KNOX Workspace that provide additional\r\nseparation between personal apps and enterprise apps to mitigate the leakage of private information between work/personal\r\ncontexts.\r\nMobile Device User\r\nUse Android Verify Apps feature to identify apps that may violate privacy.\r\nMobile App Developer\r\nOnly request access to the minimal set of shared data stores (e.g., contacts, calendar), OS services (e.g. location services),\r\nand device sensors (e.g. camera, microphone) necessary for the app to provide functionality.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html\r\nPage 1 of 2\n\nOnly collect the minimal set of device or user data necessary for the app to provide functionality.\r\nReferences\r\n1. The Google Android Security Team’s Classifications for Potentially Harmful Applications, Apr. 2016;\r\nhttps://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classificati\r\n[accessed 8/25/2016] ↩\r\n2. “An investigation of Chrysaor Malware on Android”, blog, 3 Apr. 2017; https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html [accessed 4/5/2017] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "origins": [ "web" ], "references": [ "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-13.html" ], "report_names": [ "APP-13.html" ], "threat_actors": [], "ts_created_at": 1777450885, "ts_updated_at": 1777459312, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/59e741f51931e88dc98b707225de07754081c2aa.pdf", "text": "https://archive.orkl.eu/59e741f51931e88dc98b707225de07754081c2aa.txt", "img": "https://archive.orkl.eu/59e741f51931e88dc98b707225de07754081c2aa.jpg" } }