|
Work item:
|
X.tg-fdma
|
|
Subject/title:
|
Technical guidelines for fraud detection of malicious applications in mobile devices
|
|
Status:
|
Under study
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2025-Q3 (Medium priority)
|
|
Liaison:
|
-
|
|
Supporting members:
|
Ant Group Co., Ltd., China Information Communication Technologies Group, vivo Mobile Communication, Alibaba China Co., Ltd., Malaysian Communications and Multimedia Commission
|
|
Summary:
|
With the popularity of mobile devices and applications, using applications has become one of the main means of telecom and online fraud. For example, malicious applications disguise themselves as the normal credit applications or shopping application to defraud. The malicious applications related to fraud use deceitful tactics to induce users to transfer money to the fraudsters, and often accompanied by methods such as collecting sensitive personal information. For the detection and prevention of this kind of fraud, the traditional solution is based on application store review and reminder from security software in the mobile device. There are some challenges of this solution. App Store review can help prevent malicious applications fraud, but the developers of malicious applications are constantly exploring new methods to bypass app store review. In addition, the app store review mainly focuses on whether the application contains malicious code, whether it meets development guidelines, etc., it is difficult to effectively identify fraudulent applications. Some malicious applications are distributed by the third-party platform and induce users to download and install them. The security software in the mobile device mainly focuses on the identifying viruses and vulnerabilities of applications, it is difficult to effectively identify fraudulent applications too.
The typical stages of malicious applications in mobile devices include download, installation, running, and inducing money transfer, and there are different fraud risks at different stages.
In download and installation stage, the malicious applications impersonate normal applications and bypass the detection of security software. And the malicious applications may implant trojans in mobile devices.
In running stage, the malicious applications may steal users’ information by the implanted trojans or induce users to provide information actively by impersonating normal applications.
In inducing money transfer stage, sometimes the malicious applications usually allow users to make a small profit by multiple means at the early stages of fraud. After gaining the trust of users, the malicious applications will lure users to transfer money. Sometimes, the malicious may fraud users directly, such as by disguising themselves as normal shopping applications.
The entire fraud process is very complex, requiring the mobile devices and applications to work together to detect and prevent fraud effectively. So, it is necessary to analyze characteristics and fraud risks of malicious applications during download and installation stage, runtime stage and inducing transaction stage, then to define technical framework and technical capabilities for fraud detection of malicious applications to provide a fraud detection and prevention technical solution based on the interaction between mobile devices and applications. The purpose of this Recommendation is to provide a universal technical solution to guide all parties in effective fraud detection and prevention.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-09-28 14:50:24
|
|
Last update:
2024-03-12 14:13:50
|
|
