Hidden apps are growing in popularity. While initially marketed as a way for teens to hide videos, photos, forbidden apps, and text messages from the watchful eyes of parents, the use of hidden apps is quickly expanding. Hidden apps are increasingly used for criminal activity. At the local level, they can be used as a tool to facilitate drug transactions, sexual assaults, child-porn, as well as data exfiltration and theft. On a much larger and more dangerous international scale, these apps can be used for recruitment purposes by ISIS and other terrorist groups. Because hidden apps are becoming more common sources of evidentiary data in criminal cases, it is essential that forensic investigators take the time to learn about them. Otherwise, key evidence could be missed. When it comes to hidden apps, awareness is critical. Forensic examiners must know these apps exist and how to find them. While there are many hidden apps on the market today, new ones are introduced virtually every day. A quick Internet search is an excellent way to stay current on what’s available and trending in the world of hidden apps. Along with knowledge of what’s out there, examiners must know how apps and data are being hidden to ensure they are not overlooked. Types of Hidden Apps There are three main ways to hide apps. Some users manipulate their phones to hide things in places where they don’t belong. Others use apps that are designed to hide other apps inside. Then there are “official” hidden apps (also known as decoy apps), which appear to do one thing while they are actually designed to do something else. One of the most popular hidden apps is the calculator app. These apps are fully functioning calculators with a twist. Once a password is entered, a new interface appears that allows users to access and store pictures, videos, documents or files that are otherwise hidden to someone reviewing data on the phone. A less technical, but commonly seen way to hide apps is for the user to create folders or nests of folders on their phone that appear to be harmless, and then to store data they wish to hide within that folder. They may even install an application that allows them to change an app’s icon so that it appears to be a different app on the phone. Hidden apps reinforce a valuable lesson in the world of forensics, just because you don’t see something initially, doesn’t mean nothing is there. While it is not realistic to expect examiners to stay current on each and every app, knowing they exist and might be installed is essential. During an investigation it is wise to consider a hidden app might be in use, which means a deeper dive is necessary.

SOURCE:
ForensicMag