Troubleshoot Mobile OS and App Security Flashcards
lesson 18C (27 cards)
Figure: In Android, each app has its own Install unknown apps toggle. Enabling the toggle shown for the Firefox browser would allow Firefox to download and install an app (APK) from outside the store.
Figure: Managing location services in iOS (left) and Android (right).
Root access
bypasses OS restrictions, enabling deep system modifications but also increasing security risks like malware exposure, loss of protections, and update incompatibility.
Jailbreaking
bypasses iOS restrictions, granting root privileges and allowing sideloading of apps, carrier changes, and interface customization. It requires patching the kernel; some jailbreaks are tethered, meaning the device must be booted with the help of a computer.
Kernel Patching
In a jailbreak, a vulnerability in the kernel is exploited to modify its behavior, allowing unsigned (unauthorized) code to execute and enabling the jailbreak's features.
Tethered Boot
A tethered jailbreak requires the device to be connected to a computer and the jailbreaking software to be running on the computer during boot. This is because the kernel patch is not persistent after a reboot.
Rooting or jailbreaking bypasses
OS security controls for unrestricted access but disables protections, compromises management software, and removes corporate workspace segmentation, making the device untrusted.
Mobile-device management (MDM) suites
detect rooted/jailbroken devices or unsigned custom firmware to block enterprise access, while containerization uses cryptography to secure workspaces against compromise.
Developer mode
unlocks advanced settings and logs for app development but should not be enabled routinely, as it can be misused for installing unauthorized apps; MDM can block such devices.
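The checks described in the three cards above (rooted or jailbroken devices, unsigned custom firmware, developer mode) are what an MDM compliance agent evaluates before granting enterprise access. As an added example that is not part of the flashcards, the script below parses the output of `adb shell getprop` and reports the Android indicators an agent would look at. The property names are real Android system properties, but `ro.boot.flash.locked` is vendor-specific and absent on some devices; both getprop samples are constructed, and the `su` paths and developer-settings flag are assumed to come from separate `adb shell ls` and `adb shell settings get global development_settings_enabled` calls.

```python
"""Root / custom-firmware / developer-mode posture check from Android properties.

Added example, not from the flashcards: the kind of compliance check an MDM
agent runs before granting enterprise access. Input is the text of
`adb shell getprop`; the two samples below are constructed.
"""
import re

# getprop prints one "[name]: [value]" pair per line.
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample: rooted userdebug build with an unlocked bootloader.
ROOTED_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.build.version.release]: [13]
"""

# Constructed sample: stock, locked production build.
STOCK_GETPROP = """\
[ro.build.tags]: [release-keys]
[ro.build.type]: [user]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.build.version.release]: [13]
"""


def parse_getprop(text):
    """Turn getprop output into a dict; lines that do not match the format are skipped."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def posture_findings(props, su_paths_present=(), dev_settings_enabled=False):
    """Return a list of (check, detail) pairs; an empty list means compliant.

    su_paths_present: paths where an `su` binary was found, e.g. from
      `adb shell ls /system/xbin/su /system/bin/su /sbin/su` (assumed input).
    dev_settings_enabled: True when
      `adb shell settings get global development_settings_enabled` prints 1.
    """
    findings = []
    if props.get("ro.build.tags") != "release-keys":
        findings.append(("build_tags", f"{props.get('ro.build.tags')}: not signed with release keys"))
    if props.get("ro.build.type") != "user":
        findings.append(("build_type", f"{props.get('ro.build.type')}: engineering/debug build"))
    if props.get("ro.debuggable") == "1":
        findings.append(("debuggable", "ro.debuggable=1: `adb root` is permitted"))
    if props.get("ro.secure") == "0":
        findings.append(("insecure_adbd", "ro.secure=0: adbd does not drop to the shell user"))
    vbs = props.get("ro.boot.verifiedbootstate")
    if vbs is not None and vbs != "green":
        # Verified Boot states: green (stock), yellow (custom key), orange (unlocked), red (corrupt).
        findings.append(("verified_boot", f"state {vbs}: custom or unsigned firmware"))
    if props.get("ro.boot.flash.locked") == "0":  # vendor-specific property
        findings.append(("bootloader", "bootloader unlocked"))
    for path in su_paths_present:
        findings.append(("su_binary", path))
    if dev_settings_enabled:
        findings.append(("developer_mode", "Developer options enabled"))
    return findings


def is_compliant(props, **kwargs):
    """MDM-style decision: any finding blocks enterprise access."""
    return not posture_findings(props, **kwargs)


if __name__ == "__main__":
    for label, text in (("rooted", ROOTED_GETPROP), ("stock", STOCK_GETPROP)):
        props = parse_getprop(text)
        print(label, "compliant" if is_compliant(props) else "BLOCK")
        for check, detail in posture_findings(props):
            print("  -", check, detail)
```

A real agent would also verify the result of the check itself (for example with Play Integrity or a remote attestation), because a rooted device can spoof every one of these properties; the point here is which signals map to which flashcard.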
Trusted app sources
are managed by service providers that authenticate developers, issue signing certificates, analyze app security risks, and enforce policies like restricting certain content or functionality.
App spoofing
involves rogue developers creating malicious apps that mimic legitimate ones, often using similar names and fake reviews to appear trustworthy. Common targets include VPNs, fake antivirus/ad blockers, and dating apps. Even when using official stores, users should be cautious, especially if an app requests unnecessary permissions.
Enterprise app distribution
uses Apple Business Manager and Managed Google Play for private deployment, while Android allows sideloading via APK files, which can introduce security risks. MDM can restrict third-party stores and unauthorized apps.
Bootleg apps
mimic legitimate ones, often used for piracy via sideloading or unauthorized stores, posing security risks like malware exposure while violating licensing and copyright protections.
Mobile malware
symptoms include battery drain, slow performance, excessive data usage, intrusive ads, unauthorized app installations, and system crashes, requiring vigilance beyond antivirus protection.
A high number of ads (malware symptom)
is common in free apps, but unexpected, intrusive, or overly personalized ads may signal tracking or spyware activity.
Fake security warnings (malware symptom)
are a scareware tactic, tricking users into installing apps or granting excessive permissions to Trojan software.
Sluggish performance (malware symptom)
Malware causes sluggish performance by running background tasks like data collection or cryptomining, leading to power drain and high resource usage.
Corrupt DNS or search providers (malware symptom)
Malware may corrupt the device's DNS settings or search providers, leading to redirection attacks, spoofed sites, certificate warnings, and slow network performance.
Spoofed or bootleg apps (trojans)
may function as spyware, requesting excessive permissions, accessing cameras/microphones, copying files, or consuming bandwidth for botnet activity. Monitoring data usage helps detect suspicious behavior.
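Both the App spoofing card and the Spoofed or bootleg apps card above give the same two red flags: permissions out of proportion to what the app claims to do, and a name that imitates a legitimate app. As an added example that is not part of the flashcards, the script below applies both checks to an app's AndroidManifest. The permission names are real Android permissions (REQUEST_INSTALL_PACKAGES is the one behind the per-app Install unknown apps toggle); the per-category baselines, the trusted-package list and the sample manifest are constructed for this example, and the 0.85 similarity threshold is an assumption.

```python
"""Permission-proportionality and lookalike-name check for a candidate app.

Added example, not from the flashcards: two reviewer signals for a spoofed or
bootleg app, sensitive permissions the declared category does not need and a
package name that nearly matches a trusted one. Baselines, trusted packages and
the manifest are constructed; permission names are real.
"""
import difflib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose sensitive data or powerful capabilities.
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.REQUEST_INSTALL_PACKAGES",  # per-app "Install unknown apps" gate
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

# Constructed baselines: the high-risk permissions each category plausibly needs.
EXPECTED_HIGH_RISK = {
    "flashlight": {"android.permission.CAMERA"},  # the torch is driven through the camera HAL
    "vpn": set(),  # a VPN client needs INTERNET, not any of the permissions above
    "dating": {"android.permission.CAMERA", "android.permission.ACCESS_FINE_LOCATION"},
}

# Constructed list of packages the organization already trusts.
KNOWN_PACKAGES = ("com.legitvpn.app", "com.example.torch")

# Constructed manifest of a lookalike "VPN" that also wants SMS, microphone and install rights.
SPOOFED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.legitvpm.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return (package name, set of <uses-permission android:name> values)."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return root.get("package"), perms


def lookalike_of(package, known=KNOWN_PACKAGES, threshold=0.85):
    """Return the trusted package this name nearly (but not exactly) matches, else None."""
    best, best_ratio = None, 0.0
    for k in known:
        if k == package:
            return None  # exact match: this is the trusted app itself
        r = difflib.SequenceMatcher(None, package, k).ratio()
        if r > best_ratio:
            best, best_ratio = k, r
    return best if best_ratio >= threshold else None


def review_app(manifest_xml, category):
    """Flag high-risk permissions the category does not justify and lookalike naming."""
    pkg, perms = requested_permissions(manifest_xml)
    allowed = EXPECTED_HIGH_RISK.get(category, set())
    unexpected = sorted((perms & HIGH_RISK) - allowed)
    lookalike = lookalike_of(pkg)
    return {
        "package": pkg,
        "unexpected_high_risk": unexpected,
        "lookalike_of": lookalike,
        "suspicious": bool(unexpected) or lookalike is not None,
    }


if __name__ == "__main__":
    print(review_app(SPOOFED_MANIFEST, "vpn"))
```

The manifest gives the declared permissions; the third red flag from the card, unusual data usage, has to come from runtime telemetry and is not visible statically.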
Compromised devices
can leak personal data, leading to unauthorized access attempts, password changes, and account breaches, requiring vigilance and strong security practices.
Unauthorized location tracking
can expose sensitive data, often for targeted advertising, but rogue apps may misuse it for malicious activities like burglary. Always review app location permissions carefully.
Cryptomining malware, or cryptojacking
involves using a victim’s computer resources without their knowledge or consent to mine cryptocurrency.
Blockchain currency (aka cryptocurrency)
is a digital form of currency that uses blockchain technology to record and verify transactions.
remote wipe
is a security feature that allows administrators or users to erase all data and settings from a device remotely.