Ensuring the Security of the Mobile Application Supply Chain in the Context of the Evolution of Modern Mobile Threat Models

Aleksandr Pinaev

Citation: Aleksandr Pinaev, "Ensuring the Security of the Mobile Application Supply Chain in the Context of the Evolution of Modern Mobile Threat Models", Universal Library of Innovative Research and Studies, Volume 01, Issue 02.

Copyright: This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This article analyses security threats specific to the mobile application supply chain during 2021–2024. The aim of the study is to systematise the contemporary attack landscape targeting mobile application supply chains and to propose a multi-level conceptual security model spanning all stages of the application lifecycle. The study employs a systematic literature review, a comparative analysis of industry reports, and case-study methodology. The study results show that third-party partners account for 15% of security breaches, with 63% of organizations experiencing significant losses from mobile-related incidents. Based on analysis of OWASP Mobile Top 10 (2024), the Keenadu and CocoaPods attack cases, and malicious SDK campaigns, the author proposes the Mobile Supply Chain Security Architecture (MSCSA), a five-level control model encompassing development, build, distribution, runtime, and governance. The findings are relevant to cybersecurity researchers, mobile application developers, IT risk management professionals, and regulators developing software security requirements.

Keywords: Supply Chain Security, Mobile Applications, Mobile Threat Models, OWASP Mobile Top 10, Third-Party SDKs, Firmware Attacks, SBOM, DevSecOps, RASP, EU Cyber Resilience Act.