ITC 506: Mobile App Spoofing Threats, Ethics, and Enterprise Risks

Verified

Added on 2022/11/23

AI Summary

This assignment, focusing on ITC 506 Topics in Information Technology Ethics, examines the ethical implications of mobile app spoofing. It defines spoofing as the recreation of legitimate apps to deceive users, spreading malware and compromising confidential information. The assignment delves into the unethical actions these apps facilitate, such as data theft and disruption of employee productivity, and applies the theory of deontology to highlight the disregard for consequences. It identifies several dangerous spoofing apps like Shuanet, AndroRat, and others, detailing their malicious activities and impact on enterprises, employees, and customers. The assignment emphasizes the responsibility of companies and app creators to ensure security through regular updates and awareness of vulnerabilities. It also highlights the ethical obligations of ICT professionals to protect sensitive information and the need for extra security layers like mobile security apps to combat the growing threat of spoofing attacks. The assignment concludes by emphasizing the importance of ethical considerations in the development and use of mobile applications in the workplace.

ITC 506 TOPICS IN
INFORMATION TECHNOLOGY
ETHICS

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

5 Active Mobile Threats Spoofing Enterprise Apps
Mobile app spoofing is done by the hackers where they recreate the visual appearance of
original mobile application to trick their target users. This tricking is done in order to make the
user believe that they are working on the genuine app while the app they are interacting is the
one controlled by the attackers. Spoofing spread malware through infected link or attachment
and ripping off the legitimate app’s name and package name. When this attack is carried out
successfully the attacker can view and exploit the confidential information entered into the app
by the user (Malisa, Kostiainen & Capkun, 2015). It is clear that the malicious attackers have
now started researching on their targets to exploit their weaknesses. As most of the work
nowadays, are taking place through mobile devices even in the enterprise environment, the
attackers are now targeting them with device-centric scams and attacks. The mobile app
spoofing is the perfect way to create malware and use the social engineering technique
effectively in order to ensure their success against the rudimentary techniques. The attacks
carried out have giant impact on the enterprise, employees as well as customers of the
enterprise as they can potentially view all their confidential information which is otherwise not
allowed to be seen. The question here arises is what are some of the unethical jobs this apps
execute in the target device? What if the company knows that the mobile apps may get
vulnerable to these attacks is it ethical to allow them use in the workplace keeping the personal
information of the enterprise and customers on stake? Is it the responsibility of the creator of
apps to provide the customers with a completely secure app?
There are many ethical issues that arises from the act of spoofing mobile apps such as disguise
a communication from an unknown source as been from a known legitimate source. From the
theory of deontology impersonated apps spread spoofing which is unethical and it is the duty of
the apps to spread spoofing and that are not concerned with the goodwill of the people
(Markgraf, n.d.). The Deontology theory applies here because apps spread threat without
thinking about consequences. The attackers only need the information within the target device
to use them in accordance with their aim, such as to harm the company’s reputation or to have
monetary gain. There are several enterprise spoofing apps, out which four dangerous apps are
described in details by Francis, (n.d), which are:
Shuanet which is basically design to push aggressive and intrusive advertising to the mobile
device. Rooted devices are in an altered state of security which causes risk to the company. It is
very difficult to remove this app as it can install itself in the system partition.
AndroRat that allow a third party to control the device. The data, both personal and corporate,
is exfiltrate by the attacker from hidden mobile access software. Collects information from the
devices such as call logs, messages, contact, audio and device location from the target mobile.

Malicious actors are carrying out sophisticated spoofing attacks that requires vigilance on the
part of the user.
UnsafeControl steal sensitive information from the enterprise such as contact information. This
information can be used against the customer in many ways, other than that it can destroy the
enterprise’ reputation in the market.
Pjapps collects and leaks the phone number of the victims, location and IMEI number. The aim
of this attacks is to have monetary gain and thus they collect concerning information such as
location.
Ooqqxx: push adds to the notification bar, creates pop up ads, download large files without
permission, it distracts the employees from their work and they feel irritated from continuous
messages and ads. The aim of this app is to waste employee’s time by distracting them with
unnecessary stuffs.
From the description of this apps, it is clear that their job of this malicious spoofing app is to
steal information, waste employees time and resource such as storage and harm users. As the
behavior of this apps is unethical and so of the one using these apps (Unger, 2016). However,
the ethical dilemma is not only with apps and adversaries. If a company is using mobile apps to
perform any sort of business practice it is their responsibility to check for regular updates in the
mobile device in order to patch the vulnerabilities in the device that leads to the intrusion of
these type of spoofing act (Wandera, 2018). The enterprise apps are developed to support the
users in decision making, however, it is the responsibility of the Creator, and the user alike to
be aware of any vulnerability into their app or device and immediately opt for removing them.
It cannot be denied that the ICT professionals have access to many confidential and personal
information of the individuals and enterprise system and network that provides them with
great power. If the employees are not aware or educated of the threats associated with those
information, the power then can be transformed into abuse, either inadvertently or
deliberately (Rossi, 2015). As a part of professional ethics, privacy and security ethics, at the
lowest possible, the employees and employers as well should spend some extra efforts before
the installation of apps to verify parameters such as app permissions and user comments, and
paying particular attention to the negative ones. From the technical perspective, there is a
requirement to add an extra layer of security such as mobile security app to benefit the user, as
there are a range of harmful spoofing apps that has made their way from Google security
system to the Play Store.

References:
Francis, R. (n.d). 5 active mobile threats spoofing enterprise apps. Retrieved from
https://www.techworld.com.au/slideshow/600945/5-active-mobile-threats-spoofing-
enterprise-apps/
Malisa, L., Kostiainen, K. & Capkun, S. (2015). Technical Report: Detecting Mobile Application
Spoofing Attacks by Leveraging User Visual Similarity Perception. Retrieved from
https://eprint.iacr.org/2015/709.pdf
Markgraf, Bert. (n.d.). Ethical Issues With Business Technology. Small Business - Chron.com.
Retrieved from http://smallbusiness.chron.com/ethical-issues-business-technology-
27297.html
Rossi, B. (2015). Where does the responsibility for ‘ethical’ apps lie? Information Age. Retrieved
from https://www.information-age.com/where-does-responsibility-ethical-apps-lie-
123460349/
Unger, J. (2016). Employee Tracking: The Legality and the Ethics of Workplace Monitoring.
Retrieved from https://www.getapp.com/blog/employee-tracking-legality-ethics-
workplace-monitoring/
Wandera, (2018) Understanding the mobile threat landscape in 2018. Retrieved from
http://staxxsolutions.com/wp-content/uploads/2018/05/Understanding_the_mobile_th
reat_landscape.pdf