At Corrata we understand that not everyone is a mobile endpoint security expert. Sometimes, no doubt, we lapse into jargon. So, to avoid unnecessary confusion, below you’ll find our explanation of some key terms.
Acceptable use policy
Acceptable use policies are rules established by organizations around the type of content considered inappropriate to access on company-provided equipment.
In Android, a permission which, if granted to an application, allows it to read and override screens. Very commonly used within Android malware to allow adversaries to take control of a user’s device.
Also known as Man-in-the-middle attacks. Covers a range of different network attack techniques where a bad actor inserts themselves between a device and its intended destination in order to intercept communications and steal sensitive data.
Android package kit (apk)
The file format used to distribute and install applications on Android devices.
Software designed to identify and, where possible, disable malware.
Authentication cookie theft
An attack which involves a bad actor duplicating the authentication cookie used to validate a user accessing an application. Once stolen, the authentication cookie can be used to provide the bad actor with ongoing unauthorized access to the application.
Bring your own device. Refers to the policy of allowing employee-owned devices to be used to access company applications.
Certificate pinning is used to ensure that the server to which your device connects is legitimate. Usually it involves storing within a mobile app information about the legitimate site’s TLS certificate.
Cipher suites are sets of cryptographic algorithms that are used to secure network communications. A cipher suite is a combination of encryption, authentication and key exchange algorithms that determine the level of security used to protect the communication.
Common Vulnerabilities and Exposures
A list of publicly disclosed cybersecurity vulnerabilities and exposures that have been identified by security researchers or vendors.
A security feature that allows organizations to control access to applications based on specified conditions or policies. For example, an organization may require that any mobile devices accessing company applications have a high security score.
Permissions such as Accessibility, Location Tracking and File Access which users may grant to mobile applications and which are open to abuse.
A set of advanced settings in Android which, when enabled, give access to, among other things, USB debugging.
Refers to a condition where the security of a device has been significantly undermined, meaning that the user can no longer rely on critical security features such as sandboxing and storage encryption.
Software which takes advantage of a vulnerability in an operating system or application to gain unauthorized access or perform malicious actions.
Jailbreaking refers to the process of removing iOS’s built-in security features to gain root access to the device. Jailbreaking can allow users to install third-party applications or themes not available through the App Store. Once jailbroken, a device is highly vulnerable to malicious software.
Links on websites which lead to dangerous content such as malware downloads or phishing sites.
A website hosting content which is part of a cyberattack. This may be malware, or content designed to impersonate a legitimate site and lure the user into revealing sensitive information including passwords.
Mobile Device Management
Often used interchangeably with the terms Unified Endpoint Management (UEM) and Enterprise Mobility Management (EMM). Systems for managing mobile and other devices by ensuring consistent settings across an organization and distributing applications, certificates and profiles. Examples include Microsoft Intune, VMware Workspace ONE and IBM MaaS360.
Mobile endpoint detection and response
Features of a mobile endpoint security solution which focus on detecting advanced malware and automatically performing mitigation and remediation actions.
Mobile endpoint security
An application designed to protect iOS and Android devices from malware, malicious content, app, device and network vulnerabilities and to ensure that devices maintain a high security posture.
Malicious software which is designed to harm users through social engineering, unauthorized access to phone features or data or other illicit activities.
Mobile threat defense
Also known as Mobile Threat Management and Mobile Threat Protection. An industry term used by analysts to describe software designed to protect mobile devices from cyberthreats.
Spyware developed by Israeli surveillance-for-hire company NSO which has been implicated in the hacking of journalists, civil rights activists, politicians and other high-profile targets.
Spyware developed by the Intellexa Group. Has been implicated in the surveillance of a range of high-profile individuals.
Spam text messages often including phishing links. Also known as smishing texts.
Equivalent to Jailbreaking but for Android devices. It’s the process of bypassing the built-in security features of Android to gain root access to the device.
A security feature on iOS and Android which ensures that, under normal circumstances, a mobile application will only have access to its own data and to system capabilities authorized by the operating system. Sandboxing is designed to prevent an application from accessing data or capabilities belonging to any other application.
The installation of mobile applications other than from an official app store such as Apple App Store or Google Play.
Short for “SMS Phishing.” A phishing link delivered within an SMS message.
Social media phishing
A phishing link which is delivered within a social media application such as Facebook, WhatsApp or LinkedIn.
A type of malware specifically designed to steal sensitive data such as passwords, messages, photos and other content from a device.
Third party apps enabled
A feature in Android where a user authorizes the installation of applications from third-party app stores. Required for sideloading.
Transport layer security. The key internet protocol which provides end-to-end encryption between a device and the application it is connecting to.
A flaw in software which can be exploited by an attacker to gain unauthorized access to capabilities and data.
Web filtering is a technique for blocking access to risky or inappropriate content in accordance with an organization’s security and acceptable use policies.
Zero day attack
An attack which exploits a vulnerability that, at the time of the attack, was unknown to the vendor or the security community.
An increasingly prevalent approach to cybersecurity that assumes that no user, device or network should be automatically trusted. In a zero trust model, every access request is treated as potentially malicious and must be verified before being granted access to resources.