{
	"id": "d5808096-522c-4f8b-8609-7ca5deb95f19",
	"created_at": "2026-04-06T00:18:49.790626Z",
	"updated_at": "2026-04-10T13:12:33.733244Z",
	"deleted_at": null,
	"sha1_hash": "cd7a826a59c96759e54a516ebd36364d8fdcf5b8",
	"title": "APP-21 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32969,
	"plain_text": "APP-21 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 17:20:45 UTC\r\nMobile Threat Catalogue\r\nApp Vetting Misses Malicious App\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-21\r\nThreat Description: App vetting methods designed to detect malicious code are complicated by various code\r\nobfuscation techniques such as sandbox detection, encryption, and dead code (malicious functions unreachable by\r\nnormal program execution). As a result, a malicious app subjected to app vetting may appear free of harmful code\r\nand safe to publish or distribute.\r\nThreat Origin\r\nDissecting Android Malware: Characterization and Evolution 1\r\nExploit Examples\r\nCVE Examples\r\nCVE-2015-07555\r\nCVE-2016-5131\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nUse app-vetting tools or services to identify untrusted apps that contain encrypted or obfuscated code.\r\nUse application threat intelligence data about apps that contain encrypted or obfuscated code\r\nMobile Device User\r\nUse Android Verify Apps feature to identify potentially harmful apps.\r\nMobile App Developer\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html\r\nPage 1 of 2\n\nTo mitigate your app being detected as potentially malicious, do not arbitrarily encrypt or obfuscate code.\r\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html"
	],
	"report_names": [
		"APP-21.html"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434729,
	"ts_updated_at": 1775826753,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cd7a826a59c96759e54a516ebd36364d8fdcf5b8.pdf",
		"text": "https://archive.orkl.eu/cd7a826a59c96759e54a516ebd36364d8fdcf5b8.txt",
		"img": "https://archive.orkl.eu/cd7a826a59c96759e54a516ebd36364d8fdcf5b8.jpg"
	}
}