Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

ENISA Publishes Report On Mobile App-Store Security

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, published a new report this week that focuses on App-Store Security. The report, “Appstore security: 5 lines of defence against malware,” was published in response to the increasing number of attacks targeting mobile devices via app-stores.

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, published a new report this week that focuses on App-Store Security. The report, “Appstore security: 5 lines of defence against malware,” was published in response to the increasing number of attacks targeting mobile devices via app-stores. Over the course of 2011 numerous malicious apps were found, targeting a variety of smartphone platforms, including Android and Apple’s iOS.

ENISA Log“Using malicious apps, attackers can easily tap into the vast amount of private data processed on smartphones such as confidential business emails, location data, phone calls, SMS messages and so on. Consumers are hardly aware of this,” said Dr. Marnix Dekker, and Dr. Giles Hogben, the authors of the report.

Starting from a threat model for app-stores, the paper identifies what it calls “the five lines of defence” that must be in place to secure app stores from malware: app review, reputation, kill-switches, device security and jails.

“This report provides a very practical and technical analysis of malware threats for app-stores in under 20 pages. The Agency has made an excellent choice of security techniques, and the recommendations are ready-to-use,” says Raoul Chiesa, an Italian ethical hacker.

Without overlooking the differences between the various smartphone models and app-stores, ENISA recommends an industry-wide approach to addressing insecure and malicious apps. “The number of malware attacks direct at smartphones still pales in comparison to PCs. This paper is a blueprint for how to maintain this head-start and address security across app-stores.” says Professor Udo Helmbrecht, Executive Director of ENISA.

The full report is available here.

ENISA also recently published a full overview of smartphone risks which can be found here.

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...