A+ Core 2 · CompTIA 220-1202 V15 · Objective C2-3.3

Objective 3.3: Given a scenario, troubleshoot common mobile OS and application security issues

  • Cert: CompTIA A+ Core 2 (220-1202) V15
  • Domain: 3.0 Software Troubleshooting
  • Weight: part of the 23% Software Troubleshooting domain
  • Depth: Given a scenario, troubleshoot. The candidate must recognize mobile security issues by symptom and identify the underlying cause and fix.

What this objective tests

You should recognize mobile security concerns (sideloaded apps, developer mode, root/jailbreak, unauthorized or malicious apps, app spoofing) and the symptoms of compromise (high network traffic, degraded response time, data-usage warnings, excessive ads, fake security warnings, leaked files or data), and be able to tie each symptom to its likely cause and the fix.

Key facts

Application source / unofficial app stores:

  • Android allows sideloading APKs from outside Google Play. Keep "Install unknown apps" off; from Android 8 onward it is granted per app, so allow it only for a specific, trusted source, only while needed, and revoke it afterward.
  • iOS has no general sideloading: outside the App Store, apps arrive only through TestFlight (beta testing), enterprise distribution (apps signed with an enterprise certificate) or developer signing from Xcode. In the EU, iOS 17.4 and later permit alternative app marketplaces under the Digital Markets Act, but apps must still pass Apple's notarization.
  • Apps from unofficial sources can carry malware, repackaged "modded" payloads, or spoof legitimate apps.

Developer mode:

  • iOS Developer Mode (iOS 16+) must be on before developer-signed or Xcode-installed apps will run; Android Developer Options expose USB debugging (adb), OEM bootloader unlocking, mock locations and verbose logging. (Android sideloading is a separate per-app "Install unknown apps" permission, not a Developer Options toggle.)
  • Useful for developers, but dangerous on consumer devices: USB debugging lets anyone with physical access and a trusted computer install apps and pull data, and OEM unlocking is the first step toward rooting.
  • Keep them disabled on production devices.

Root access / jailbreak:

  • Root (Android) or jailbreak (iOS) removes the manufacturer's security restrictions.
  • Gives the user, and any malicious app that asks, full system access; this defeats app sandboxing and lets malware persist or hide.
  • Public jailbreaks for current iOS releases are rare (they were common on older versions). Android rooting is still routine, typically via an unlocked bootloader with Magisk, or one-click tools such as KingoRoot.
  • MDM should detect rooted/jailbroken devices and block them from corporate resources; root-hiding tools exist, so treat a clean result as evidence, not proof.

Unauthorized / malicious application:

  • An app that does something the user did not expect: harvests contacts, sends premium-rate SMS, mines cryptocurrency, exfiltrates photos.
  • Usually distributed through unofficial sources, but malicious apps also occasionally slip past Google Play and App Store review.

Application spoofing:

  • An app built to look like a legitimate one (banking, social media) so the user enters credentials into it.
  • Install only from the official store and check the listed developer, not just the name and icon: "Chase Bank" published by "Chase" is expected; "Chase Bank" published by "John Doe" is a red flag.

High network traffic:

  • The device sends or receives unusually large amounts of data.
  • Symptom of a cryptominer, spyware exfiltrating data, a runaway sync, or hidden ad loading.
  • Check per-app data usage: Android, Settings > Network & internet > mobile network > App data usage (path varies by OEM); iOS, Settings > Cellular, per-app list.

Degraded response time:

  • Device feels sluggish.
  • Causes: a malicious app consuming CPU or network, full storage, a pending OS update, aging hardware, thermal throttling.
  • Settings > Battery shows per-app consumption, a usable proxy for CPU and network use.

Data-usage limit notification:

  • Carrier or device notification that the data plan is approaching or has exceeded its limit.
  • Investigate which app consumed the data via per-app data usage in Settings.
  • Possible causes: a malicious app exfiltrating data, a runaway sync, large app or OS updates downloaded over cellular.

Limited / no internet connectivity:

  • App or device cannot reach the Internet despite having signal.
  • Possible causes: a malicious VPN or configuration profile redirecting traffic, a DNS hijack (changed Private DNS or proxy settings), a captive portal that was never completed.
  • Check for unexpected VPN, proxy or DNS configuration (iOS: Settings > General > VPN & Device Management; Android: Settings > Network & internet > VPN and Private DNS). Remove profiles you don't recognize.

High number of ads:

  • Persistent pop-ups, or ads where there should be none (lock screen, notification shade, system UI).
  • Symptom of an adware app, commonly picked up with free apps from unofficial sources.
  • Uninstall the suspect app; if it is not obvious which one, look at the top consumers under Battery and Storage and at which apps hold the "Display over other apps" permission on Android.

Fake security warnings:

  • Pop-ups claiming "Your device is infected!" with a button to install an "antivirus" app.
  • Treat it as a scam: a web page cannot scan the device. Don't tap; close the tab (clear the site's data if it keeps reappearing). Genuine iOS/Android security alerts come from the OS or the official store, never from a web page.

Unexpected application behavior:

  • App requesting permissions it has no use for (a flashlight app wanting contacts), sending texts you didn't write, opening browser tabs on its own.
  • Treat it as a likely compromise. Revoke its permissions, uninstall it, and consider a broader investigation of the device and the accounts signed in on it.

Leaked personal files / data:

  • Photos, contacts, SMS or other personal data turning up where they shouldn't.
  • Likely a malicious app with broad permissions, or an active compromise of the device or an account.
  • Action: uninstall suspect apps, rotate passwords and sign out other sessions for accounts used on the device, consider a factory reset.

Common gotchas

  • Sideloaded "modded" version of a popular app: usually distributed through unofficial sources with malware bundled in. Use the official store only.
  • "Free Premium" app on the Play Store that slipped past review, demands excessive permissions and shows aggressive ads. Read reviews, check the developer, and compare its permissions with what the app actually does.
  • Jailbroken iPhone accessing corporate email: MDM should block it; if the jailbreak went undetected, the device is a risk and the MDM's compliance checks need attention.
  • Browser pop-up "Your iPhone is infected!": a web page cannot scan the device, so this is scareware. Close the tab; install nothing.
  • VPN profile installed by a "free VPN" app: it routes all traffic through unknown servers, and some operators sell the data. Remove it (iOS: Settings > General > VPN & Device Management; Android: Settings > Network & internet > VPN) and uninstall the app.
  • Cellular data spike with no obvious cause: check per-app data usage and investigate the top consumer.

Real-world context

Investigation flow when a mobile device shows security symptoms:

  1. Identify the symptom and timeline: when did it start, and what changed (new app, new profile, OS update)?
  2. Check recently installed apps, especially anything from outside the official store.
  3. Check per-app data usage, battery and storage; identify outliers.
  4. Check Settings for unexpected configuration: VPN profiles, management/MDM profiles you did not enroll in, DNS and proxy settings.
  5. Uninstall suspect apps (on Android, deactivate the app under Device admin apps first if it holds that role, or the uninstall will fail) and reboot.
  6. Run a security scan (Lookout, Malwarebytes Mobile, Microsoft Defender for Endpoint on mobile) if available.
  7. If still affected, factory reset is the nuclear option; restore from a backup taken before the symptoms began, and reinstall apps from the official store rather than from the backup.

Hardening to prevent recurrence:

  • Disable sideloading (Android: "Install unknown apps" off for every app).
  • Keep Developer Options (Android) and Developer Mode (iOS) off.
  • Keep the OS and apps updated.
  • Install apps only from the official store and from verified developers.
  • If corporate-managed, enroll in MDM and require compliance checks (OS version, root/jailbreak detection, sideloading disabled) before granting access to corporate resources.
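The investigation flow and the hardening checklist above both come down to a handful of device facts: which installer each third-party app came from, whether the build or filesystem shows root indicators, whether USB debugging, Developer Options, a proxy or a pinned DNS resolver are set, and which sensitive permissions a suspect app holds. On Android those facts are all readable over `adb shell`. The script below is an added example for this page, not CompTIA's or any vendor's code; it parses the text that `pm list packages -3 -i`, `getprop`, `ls` on the usual `su` paths, `settings get` and `dumpsys package` print, using constructed sample output so it runs offline. The trusted-installer set, the permission watchlist and the package names in the samples are assumptions you would tune for your own fleet.

```python
"""Offline triage of adb output for the mobile investigation flow.

Added example; parses text that `adb shell` prints. The samples at the bottom
are constructed, not captured from a real device.
"""
import re

# Google Play installs show installer=com.android.vending. Add an OEM store
# (Galaxy Store, Amazon) here if the fleet trusts it; this example trusts
# Play only (assumption).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Runtime permissions a flashlight, wallpaper or game has no reason to hold.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CONTACTS", "android.permission.READ_SMS",
    "android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
}


def sideloaded_packages(pm_output):
    """Parse `adb shell pm list packages -3 -i` (third-party apps with their
    installer). Returns {package: installer} for apps that did not come from
    a trusted store; installer=null means `adb install` or an older sideload."""
    return {pkg: src for pkg, src in re.findall(r"package:(\S+)\s+installer=(\S+)", pm_output)
            if src not in TRUSTED_INSTALLERS}


def parse_getprop(text):
    """Turn `adb shell getprop` lines such as `[ro.secure]: [1]` into a dict."""
    return dict(re.findall(r"\[([^\]]+)\]: \[([^\]]*)\]", text))


def root_indicators(props, su_ls_output, packages):
    """Reasons the device looks rooted. su_ls_output is what
    `adb shell ls /system/bin/su /system/xbin/su /sbin/su 2>/dev/null`
    printed, i.e. only the paths that exist."""
    reasons = []
    if "test-keys" in props.get("ro.build.tags", ""):
        reasons.append("ro.build.tags contains test-keys (custom/engineering build)")
    if props.get("ro.debuggable") == "1":
        reasons.append("ro.debuggable=1 (debuggable build)")
    if props.get("ro.secure") == "0":
        reasons.append("ro.secure=0 (adbd runs as root)")
    reasons += [f"su binary at {path}" for path in su_ls_output.split()]
    if "com.topjohnwu.magisk" in packages:
        reasons.append("Magisk app installed (it can also hide under a random package name)")
    return reasons


def risky_settings(settings):
    """settings maps '<namespace> <key>' to what `adb shell settings get` printed
    ('null' when unset). Returns what a hardened consumer device should not have."""
    findings = []
    if settings.get("global adb_enabled") == "1":
        findings.append("USB debugging enabled")
    if settings.get("global development_settings_enabled") == "1":
        findings.append("Developer options enabled")
    if settings.get("global http_proxy", "null") not in ("null", ":0", ""):
        findings.append(f"global HTTP proxy set: {settings['global http_proxy']}")
    if settings.get("global private_dns_mode") == "hostname":
        findings.append(f"Private DNS pinned to {settings.get('global private_dns_specifier')}")
    return findings


def granted_sensitive_permissions(dumpsys_text):
    """From `adb shell dumpsys package <pkg>`, return the granted runtime
    permissions that are on the watchlist."""
    return {perm for perm, state in re.findall(r"(android\.permission\.\w+): granted=(true|false)", dumpsys_text)
            if state == "true" and perm in SENSITIVE_PERMISSIONS}


# Constructed sample output (hypothetical package names), not from a real device.
SAMPLE_PM = """package:com.example.flashlight  installer=com.google.android.packageinstaller
package:com.example.bank  installer=com.android.vending
package:com.topjohnwu.magisk  installer=null
"""
SAMPLE_GETPROP = "[ro.build.tags]: [release-keys]\n[ro.debuggable]: [0]\n[ro.secure]: [1]\n"
SAMPLE_SU = "/system/xbin/su\n"
SAMPLE_SETTINGS = {
    "global adb_enabled": "1", "global development_settings_enabled": "1",
    "global http_proxy": ":0",
    "global private_dns_mode": "hostname", "global private_dns_specifier": "dns.example.net",
}
SAMPLE_DUMPSYS = """    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET|USER_SENSITIVE_WHEN_GRANTED ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.SEND_SMS: granted=false, flags=[ USER_SET ]
"""


def triage():
    """Run every check over the samples; one finding per entry."""
    packages = set(re.findall(r"package:(\S+)", SAMPLE_PM))
    findings = [f"sideloaded: {p} (installer={s})" for p, s in sideloaded_packages(SAMPLE_PM).items()]
    findings += [f"root: {r}" for r in root_indicators(parse_getprop(SAMPLE_GETPROP), SAMPLE_SU, packages)]
    findings += [f"setting: {s}" for s in risky_settings(SAMPLE_SETTINGS)]
    findings += [f"com.example.flashlight holds {p}" for p in sorted(granted_sensitive_permissions(SAMPLE_DUMPSYS))]
    return findings


if __name__ == "__main__":
    print("\n".join(triage()))
```

Against the samples the script reports the flashlight app and Magisk as sideloaded, the `su` binary and the Magisk app as root indicators, USB debugging, Developer Options and the pinned Private DNS resolver as risky settings, and contacts plus precise location as permissions the flashlight app should not hold. Each finding maps to one step of the flow above; the `su` and Magisk checks are heuristics that a root-hiding module can defeat, which is why MDM attestation, not adb, is the control of record for corporate devices.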

Sources

  • [CompTIA A+ 220-1202 Exam Objectives Version 4.0, Section 3.3](../../../../../../30-RevyTechJourney/CompTIA%20A%2B%20220-1202%20Exam%20Objectives%20%284.0%29.pdf)
  • [Apple Support: Recognize and avoid phishing](https://support.apple.com/en-us/HT204759)
  • [Google: Stay safe on Android](https://support.google.com/android/answer/2812853)
  • [NIST SP 800-124: Mobile Device Security](https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/final)