177
edits
B2G App Security Model/Threat Model: Difference between revisions
B2G App Security Model/Threat Model (view source)
Revision as of 00:33, 23 March 2012
, 23 March 2012→App Store Compromise
| Line 76: | Line 76: | ||
=== App Store Compromise=== | === App Store Compromise=== | ||
Similar to the app host scenario – a compromised server hosting the app store could leverage the trust relationship with a user to trick them into installing malicious apps. If attackers have already compromised another web app, they could also update the trust settings for the app to elevate its privileges. If the store is hosting privileged apps with special powers (phone dialer, etc) they could expose users or carriers to direct financial losses. | Similar to the app host scenario – a compromised server hosting the app store could leverage the trust relationship with a user to trick them into installing malicious apps. If attackers have already compromised another web app, they could also update the trust settings for the app to elevate its privileges. If the store is hosting privileged apps with special powers (phone dialer, etc) they could expose users or carriers to direct financial losses. | ||
('''NOTE AGAIN: THIS IS AN ASSUMPTION that is based on the use and deployment of host-based (SSL) PKI security. in people-based (GPG) PKI security, the entire app-signing and review process takes place on SEPARATE systems, completely isolated from the public-facing store servers on which the (digitally-signed) apps are hosted'''). | |||
====Potential Countermeasures==== | ====Potential Countermeasures==== | ||
* Controls are largely the same as for vulnerable web applications - see above. | * Controls are largely the same as for vulnerable web applications - see above. | ||