{
	"id": "9f12cd1f-43ac-4b47-8afe-a684eb259f92",
	"created_at": "2026-04-06T00:12:45.523824Z",
	"updated_at": "2026-04-10T03:21:34.228188Z",
	"deleted_at": null,
	"sha1_hash": "903dd380f329bcde821a9ab0104fecbe6c1c1076",
	"title": "APP-20 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34806,
	"plain_text": "APP-20 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 13:34:36 UTC\r\nMobile Threat Catalogue\r\nLoading Malicious Code at Runtime\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-20\r\nThreat Description: Mobile apps may evade app vetting by downloading and executing malicious app code after\r\ninstallation. On Android, external code can be loaded using the OS-provided API. On iOS, the ability to modify\r\napp code is a consequence of the Objective C runtime environment that apps execute within, which permits\r\nmethod definitions to be modified at runtime. As the malicious code would not be present when the app was\r\nsubmitted for review, it may evade detection as a malicious application.\r\nThreat Origin\r\nExecute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications 1\r\nJekyll on iOS: When Benign Apps Become Evil 2\r\nExploit Examples\r\nAndroid Hax 3\r\nHot or Not? The Benefits and Risks of iOS Remote Hot Patching 4\r\nMethod Swizzling 5\r\nCVE Examples\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app\r\nstores.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html\r\nPage 1 of 2\n\nUse application threat intelligence data about potential abuse of dynamic code execution associated with apps\r\ninstalled on COPE or BYOD devices\r\nMobile Device User\r\nUse Android Verify Apps feature to identify potentially harmful apps.\r\nConsider the use of devices that support Android 10 or higher, in which applications cannot execute code within\r\ntheir own system binaries and libraries.\r\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-20.html"
	],
	"report_names": [
		"APP-20.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434365,
	"ts_updated_at": 1775791294,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/903dd380f329bcde821a9ab0104fecbe6c1c1076.pdf",
		"text": "https://archive.orkl.eu/903dd380f329bcde821a9ab0104fecbe6c1c1076.txt",
		"img": "https://archive.orkl.eu/903dd380f329bcde821a9ab0104fecbe6c1c1076.jpg"
	}
}