The Rise of Untrustworthy Apps in App Stores

If you’ve been following the news, you may have seen the recent stories about “fake” apps appearing in the Windows Store. Over the past few weeks, efforts have been underway to clean up the worst offenders, but the issue I wanted to call attention to isn’t so much the app store itself. How, as an organization, can you trust the apps that users install on their laptops and mobile devices? And even if you do, how do you handle the emergence of exploits against various apps?

App stores for desktop operating systems provide a way for users to find the apps they want without having to search the Internet. It’s a concept borrowed from the app stores that appear on mobile devices. The security-conscious user knows better than to download and install a random application, but the average user does not. By providing an app store, the user can visit an authoritative (and curated) collection of apps, which is generally safer than letting users find apps on their own. With integration into the operating system (the search function in Windows returns results from the Windows Store, for example), users can get what they need without having to look for it on their own.

However, not every app a user desires is in the app store, and in spite of a legitimate build, or even in its absence, fake apps appear. Keep in mind, these aren’t pirated apps, but rather unofficial builds of an app with extra libraries or hidden functions embedded within. For example, many popular apps are open source projects, which makes it possible for anyone to submit their own build to the app store. The end user may not know who the “official” publisher is, and could end up picking one at random. These unofficial builds are not necessarily created for benevolent reasons: an unscrupulous author might add a price tag to an otherwise free app and add functions to the code, such as ad network libraries, scams, or even malware.

If this sounds familiar, you may recall earlier this year, we published research on the use of the same technique in the Google Play store.

These issues are particularly troubling because some of the more aggressive ad networks can harvest details about the user and take advantage of the network connection to deliver the payload without the user’s knowledge.

Now keep in mind that some app stores are better than others. The official app stores tend to be much better at cleaning up apps with bad behavior, and as a general rule of thumb, it is sensible to use official app stores rather than the alternatives. But as we continue to see, there are always new techniques that can be applied to trick users.

For an organization, good security depends on understanding app behaviors and using a combination of network and endpoint security, along with threat intelligence, to identify dangerous conditions inside the organization. An additional factor that you may want to consider is the ability to discern whether a particular device (a laptop or mobile device) is compliant with the organization’s IT policy before granting it access to more sensitive resources.

These principles are all part of the Palo Alto Networks enterprise security platform, and help you establish control over the apps that people use, along with continuously applying a deeper understanding of the condition of the devices as well as the person using them.

Find out what’s possible by reading more about Palo Alto Networks advanced endpoint protection and our platform.
