The Google Android Security Team s Classifications for Potentially Harmful Applications

Similar documents
How we keep harmful apps out of Google Play and keep your Android device safe

Google Report Android Security 2014 Year in Review

Defending Behind The Device Mobile Application Risks

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Android Security 2015 Year In Review

User Documentation Web Traffic Security. University of Stavanger

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals

E-BUSINESS THREATS AND SOLUTIONS

E Commerce and Internet Security

'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Cloud Security:Threats & Mitgations

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

Security Best Practices for Mobile Devices

Certified Ethical Hacker Exam Version Comparison. Version Comparison

GlobalSign Malware Monitoring

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Securing mobile devices in the business environment

Threat Events: Software Attacks (cont.)

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA

Network Security and the Small Business

Mobile App Reputation

Content Teaching Academy at James Madison University

UNITED STATES OF AMERICA BEFORE THE FEDERAL TRADE COMMISSION. Julie Brill Maureen K. Ohlhausen Joshua D. Wright Terrell McSweeny

Incident Reporting Guidelines for Constituents (Public)

Internet threats: steps to security for your small business

Cybersecurity for the C-Level

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

region16.net Acceptable Use Policy ( AUP )

Chapter 6: Fundamental Cloud Security

LETABA WIRELESS INTERNET CC ACCEPTABLE USE POLICY

Network Security. Demo: Web browser

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Presented by: Islanders Bank

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

Malware & Botnets. Botnets

The Benefits of SSL Content Inspection ABSTRACT

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Detailed Description about course module wise:

The Key to Secure Online Financial Transactions

Countermeasures against Bots

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

Kaspersky Security 10 for Mobile Implementation Guide

Commercial in confidence TELSTRA WHOLESALE ACCEPTABLE USE POLICY. Commercial-in-Confidence. Issue Number 1.5, 20 November 2012

I N T E L L I G E N C E A S S E S S M E N T

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Now SMS/MMS Android Modem Quick Start Guide

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Enterprise Apps: Bypassing the Gatekeeper

Security and Protection in Real-Time

National Cyber Security Month 2015: Daily Security Awareness Tips

Cass Cable TV, Inc. and Greene County Partners, Inc. CASSCOMM ACCEPTABLE USE POLICY

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

WHITE PAPER. Understanding How File Size Affects Malware Detection

Business Phone Security. Threats to VoIP and What to do about Them

Top tips for improved network security

ZNetLive Malware Monitoring

How to stay safe online

Tutorial on Smartphone Security

Incident categories. Version (final version) Procedure (PRO 303)

How To Use A College Computer System Safely

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

BYOD AND NEXT- GENERATION MOBILE SECURITY

Protecting Android Mobile Devices from Known Threats

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Business ebanking Fraud Prevention Best Practices

Cyber Security Metrics Dashboards & Analytics

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Privacy Policy Version 1.0, 1 st of May 2016

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Pentesting Mobile Applications

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Protecting Your Organisation from Targeted Cyber Intrusion

PCI Security Standards Council

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples

General Security Best Practices

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers

Protecting Your Network Against Risky SSL Traffic ABSTRACT

Authorization for Electronic Network Access AUP and BYOD Policies DEFINITIONS. BYOD Bring Your Own Device. AUP Authorized Use Policy

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

Transcription:

The Google Android Security Team s Classifications for Potentially Harmful Applications April 2016

Overview This document covers the Android Security Team s taxonomy for classifying apps that pose a potential security risk to users or their data. These types of apps are often generically referred to as malware. However, that term lacks a welldefined and universally accepted taxonomy, so we refer to such apps as Potentially Harmful Applications (PHAs) to avoid confusion. The PHA classifications have changed over the years along with the ecosystem, and we expect them to continue to develop. By releasing this information, we hope to provide greater insight into our current approach to PHAs. We also believe it s best for users if the security community uses a consistent naming convention when referring to threats. While our classifications are not perfect, we hope that they provide a good start that sparks an ongoing discussion and helps others verify our externally released data. How the classifications are used Verify Apps warns the user if it detects the attempted installation of any app that falls into one or more of these categories on their device. When we detect that a PHA contains features from multiple categories, it is classified based on the most harmful characteristics. For example, if an app applies to both ransomware and spyware categories, the Verify Apps message would refer only to ransomware. Google Play prohibits all PHAs, so we also use these classifications in our evaluations of apps that developers submit for publication. Figure 1: SMS Fraud Warning Categories of Potentially Harmful Applications Backdoors This app lets hackers control your device, giving them unauthorized access to your data. An application that allows the execution of unwanted, potentially harmful, remote-controlled operations on a device. The operations may include behavior that would place the app into one of the other PHA categories if executed automatically. In general, backdoor is more a description of how a potentially harmful operation can occur on a device and is therefore not completely aligned with categories like billing fraud or commercial spyware. Android Security / April 2016 1 of 3

Billing fraud An application that charges the user in an intentionally misleading way. Here are some categories of Billing Fraud. Note that premium services are not necessarily flagged as Billing Fraud: only those that charge the user without an adequate consent. SMS Fraud An application that charges users to send premium SMS without consent. For example, a game app that, while the user plays it, secretly downloads a list of premium numbers and sends SMS messages from the user s device to the numbers. Call Fraud An application that can add charges to a user s mobile bill by making costly calls without informing them first. Wireless Access Protocol (WAP) Fraud An application that adds charges to a user s mobile bill by connecting to a third-party service without asking them first. Commercial Spyware An application that transmits personal information from the device without adequate notice or consent. The software is typically marketed as a tool intended for supervision (e.g., for parent), and may or may not reveal itself to the person being supervised. Data Collection An application that collects data about installed applications without adequate notice or consent. This may include collecting the actual list of installed apps, as well as partial information like the currently active apps. Denial of Service An application that, without the knowledge of the user, executes a denial-of-service attack or is a part of a distributed denial-of-service attack against other systems and resources. This can happen by sending a high volume of http requests to produce excessive load on remote servers. Hostile Downloaders An application that is not in itself potentially harmful, but downloads other potentially harmful apps. For example, a gaming app that does not contain malicious code, but persistently displays a misleading Security Update link that installs harmful apps. Non-Android Threat An application that contains non-android threats. These apps are unable to cause harm to the user or Android device, but contain components that are potentially harmful to other platforms. Phishing Applications An application that pretends to come from a trustworthy source, requests a user s authentication credentials and/or billing information, and sends the data to a third-party. This category also applies to apps that intercept the transmission of user credentials in transit. Android Security / April 2016 2 of 3

Privilege escalation apps An application that compromises the integrity of the system by breaking the application sandbox and allowing one application to interact with other apps on the device or system in a manner that is forbidden by the intended design of the application sandbox. An example of this would be an app that prevents its removal by abusing device administrator APIs. Note: privilege escalation apps that root devices are classified separately as rooting apps. Ransomware An application that takes partial or extensive control of a device or data on a device, and demands payment to release control. Some ransomware apps encrypt data on the device and demand payment to decrypt data, and/or leverage the device administrator features so that the app can t be removed by the typical user. Rooting apps A privilege escalation app that roots the device. There is a difference between malicious rooting apps and non-malicious rooting apps. Non-malicious rooting apps let the user know in advance that they are going to root the phone, and they do not execute other potentially harmful actions that apply to other PHA categories. Malicious rooting apps do not let the user know in advance that they will root the phone, or they inform the user about the rooting in advance but also execute other actions that apply to other PHA categories. Spam An application that sends unsolicited commercial messages to the user s contact list or uses the device as an email spam relay. Spyware An app that attempts to take information from a device and send it to a third party without adequate notice or consent from the user of the device. For example, an app that sends the developer an email containing the names and phone numbers of all people on the device s contact list without user notification or in a manner that is unexpected to the user. Trojan An application that appears to be benign (e.g., a game that claims only to be a game) and performs undesirable actions against the user. This classification is usually used in combination with other categories of harmfulness. A trojan will have an innocuous app component and a hidden harmful component. For example, a tic-tac-toe game that, in the background and without the knowledge of the user, sends premium SMS messages from the user s device. Android Security / April 2016 3 of 3

2016 Google, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information