ECO-22 · Mobile Threat Catalogue
Archived: 2026-04-05 22:40:08 UTC

App Store Vetting Bypass

Threat Category: Mobile Application Store
ID: ECO-22

Threat Description: Applications that can bypass app store’s analysis or vetting techniques can implant malware in a legitimate app store.

Threat Origin
- Researchers Find Methods for Bypassing Google’s Bouncer Android Security [1]

Exploit Examples
- Dissecting the Android Bouncer [2]
- Adventures in Bouncerland [3]
- Malware designed to take over cameras and record audio enters Google Play [4]

CVE Examples
- Not Applicable

Possible Countermeasures

Enterprise
- Use app-vetting tools or services to determine that apps appear free of malicious behaviors or vulnerabilities prior to authorizing their use.
- To decrease the time to detection for malicious apps, use app threat intelligence services to detect malicious apps installed on devices.
- Educate end users to scrutinize the permissions requested by apps, particularly if an updated version requests significantly different permissions than previous ones.

Mobile Device User
- To decrease the time to detection for malicious apps on Android devices, use Android Verify Apps feature.

References
1. D. Fisher, “Researchers Find Methods for Bypassing Google’s Bouncer Android Security,” blog, 4 June 2012; https://threatpost.com/researchers-find-methods-bypassing-googles-bouncer-android-security-060412/76643/
2. J. Miller and C. Oberheide, Dissecting the Android Bouncer, Summercon, June 2012. https://jon.oberheide.org/files/summercon12-bouncer.pdf [accessed 8/25/16]
3. N.J. Percoco and S. Schulte, Adventures in BouncerLand, presented at BlackHat, 25 July 2012. https://ia601905.us.archive.org/4/items/blackhat2012usaslides/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf [accessed 7/27/22]
4. D. Goodin, “Malware designed to take over cameras and record audio enters Google Play”, Ars Technica, 7 Mar. 2014; http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/ [accessed 8/25/2016]

Source: https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-22.html