Skip to content

Hide Navigation Hide TOC

Remotely Install Application - T1443 (831e3269-da49-48ac-94dc-948008e8fd16)

An adversary with control of a target's Google account can use the Google Play Store's remote installation capability to install apps onto the Android devices associated with the Google account as described in (Citation: Oberheide-RemoteInstall), (Citation: Konoth). However, only applications that are available for download through the Google Play Store can be remotely installed using this technique.

Detection: An EMM/MDM or mobile threat protection solution can identify the presence of unwanted or known insecure or malicious apps on devices.

Platforms: Android

Cluster A Galaxy A Cluster B Galaxy B Level
Deliver Malicious App via Authorized App Store - T1475 (d9db3d46-66ca-44b4-9daa-1ef97cb7465a) Attack Pattern Remotely Install Application - T1443 (831e3269-da49-48ac-94dc-948008e8fd16) Attack Pattern 1