{
	"id": "c6eb32bc-4726-4d2d-a57a-a569e003cb80",
	"created_at": "2026-04-06T00:21:02.858333Z",
	"updated_at": "2026-04-10T13:12:18.20493Z",
	"deleted_at": null,
	"sha1_hash": "f77a5e61a3b2283dbcb6404d228d3290b39c83e0",
	"title": "APP-29 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46296,
	"plain_text": "APP-29 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 21:30:04 UTC\r\nMobile Threat Catalogue\r\nCommand-and-control Traffic Evades Analysis\r\nContribute\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-29\r\nThreat Description: Mobile OS offer built-in and encrypted communication channels that may appear to be\r\nnormal traffic or occur out-of-band (over a cellular connection), thereby evading detection by Wi-Fi-based\r\nenterprise traffic analysis tools. Google offers Google Cloud Messaging (GCM) and newly, Firebase Cloud\r\nMessaging (FCM), which provides two-way communication. Apple offers the Apple Push Notification Service\r\n(APNS), which offers one-way communication from server-to-device. Both services are commonly used within\r\nmobile apps, which makes detecting abuse of these services difficult.\r\nThreat Origin\r\nNot Applicable, See Exploit or CVE Examples\r\nExploit Examples\r\nMobile Malware Evolution: 2013 1\r\nDroydSeuss: A Mobile Banking Trojan Tracker 2\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app\r\nstores.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html\r\nPage 1 of 2\n\nUse app-vetting tools or services to identify remote access control apps that receive commands over notification or\r\nmessaging serices or other communication channels.\r\nMobile Device User\r\nDisable access to notification or messaing services to apps for which such functions are not actually used.\r\nUse Verify Apps feature to identify potentially harmful apps.\r\nReferences\r\n1. V. Chebyshev and R. Unuchek, “Mobile Malware Evolution: 2013”, blog, 24 Feb. 2014;\r\nhttps://securelist.com/analysis/kaspersky-security-bulletin/58335/mobile-malware-evolution-2013/\r\n[accessed 8/25/2016] ↩\r\n2. A. Coletta et al., “DroydSeuss: A Mobile Banking Trojan Tracker - A Short Paper”, in Proceedings of\r\nFinancial Cryptography and Data Security 2016, 2016; http://fc16.ifca.ai/preproceedings/14_Coletta.pdf\r\n[accessed 8/25/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html"
	],
	"report_names": [
		"APP-29.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434862,
	"ts_updated_at": 1775826738,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f77a5e61a3b2283dbcb6404d228d3290b39c83e0.pdf",
		"text": "https://archive.orkl.eu/f77a5e61a3b2283dbcb6404d228d3290b39c83e0.txt",
		"img": "https://archive.orkl.eu/f77a5e61a3b2283dbcb6404d228d3290b39c83e0.jpg"
	}
}