There are two main categories of mobile code security risks: (1) malicious functionality and (2) vulnerabilities.
The category of malicious functionality is a list of unwanted and dangerous mobile code behaviors that are stealthily placed in a Trojan app that the user is tricked into installing. Users think they are installing a game or utility and instead get hidden spyware, phishing UI or unauthorized premium dialing.
Increasing smartphone adoption rates coupled with the rapid growth in smartphone application counts have created a scenario where private and sensitive information is being pushed to the new device perimeter at an alarming rate.
- Activity monitoring and data retrieval
- Unauthorized dialing, SMS and payments
- Unauthorized network connectivity (exfiltration or command & control)
- UI impersonation
- System modification (rootkit, APN proxy config)
- Logic or time bomb
- Sensitive data leakage (inadvertent or side channel)
- Unsafe sensitive data storage
- Unsafe sensitive data transmission
- Hardcoded password/keys