Work item: X.1130 (ex X.tg-fdma)
Subject/title: Technical guidelines for detecting malicious activities of mobile applications
Status: Determined on 2025-04-17 [Issued from previous study period]
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2025-04 (Medium priority)
Liaison: -
Supporting members: Ant Group Co., Ltd., China Information Communication Technologies Group, vivo Mobile Communication, Alibaba China Co., Ltd., Malaysian Communications and Multimedia Commission
Summary:
With the widespread use of mobile devices and applications, APPs have become a primary vector for malicious activities. Attackers gain users’ trust by disguising a malicious APP as a legitimate one, thereby obtaining economic benefits. For example, malicious APPs may disguise themselves as legitimate credit or shopping applications to deceive users for financial gain. To detect and prevent such malicious activities, traditional approaches rely on APP Store reviews and alerts from security software installed on the mobile device. However, these approaches face several challenges. While APP Store reviews can help block malicious applications, attackers continuously develop new techniques to evade detection and bypass APP Store reviews. In addition, some malicious applications are distributed through third-party platforms where they entice users to download and install them. Mobile security software primarily focuses on detecting viruses and application vulnerabilities, making it difficult to effectively identify malicious applications specifically designed to carry out malicious activities.
Malicious applications on mobile devices typically operate through four stages: download, installation, execution, and payment inducement. Each stage presents distinct risks.
During the download and installation stages, malicious applications often disguise themselves as legitimate applications to evade detection by security software. They may also implant trojans on the mobile device during these stages.
In the execution stage, these applications may steal user information through the implanted trojans or trick users into voluntarily disclosing sensitive data by mimicking legitimate applications.
In the payment inducement stage, malicious applications often build trust by offering small rewards or profits through various schemes. Once user trust is established, they lure users into transferring money. In some cases, the deception is direct, for example, by masquerading as legitimate shopping applications to exploit unsuspecting users.
The entire process of detecting and preventing malicious activities is highly complex, requiring close coordination between mobile devices and applications. This Recommendation analyses the characteristics and risks of malicious applications across multiple stages, including download, installation, execution and payment inducement, and provides a comprehensive technical solution for detecting and preventing malicious activities, based on the interactions between mobile devices and applications.
Comment: -
First registration in the WP: 2023-09-28 14:50:24
Last update: 2025-12-15 12:47:59