Mobile Operating System Verification Layer for Preventing Spoofed Mobile Application Installation

Mobile application spoofing is a serious problem that enterprise sectors have a tough time combating. Applications can have an identical package name as the application that the enterprise user is attempting to install, which in theory would bypass enterprise security. This paper focuses on apps spoofing enterprise level apps. The security company Lookout recently researched malware that was impersonating apps such as “Cisco’s Business Class Email app, ADP, Dropbox, FedEx Mobile, Zendesk, VMWare’s Horizon Client, Blackboard’s Mobile Learn app, and others [4].” The malware will “spoof the app’s legitimate package name, either using the same package name or one very similar [4].” Employees using these apps are more likely to “award permissions to apps pretending to be those trusted brands, and less likely to uninstall them [4].” This is troublesome especially when “67% of IT and security pros say that their organization has likely already been hit by an attack through mobile [4].” In this paper, I proposed having a verification layer that guards against spoofed applications that are downloaded through third-party vendors.