ISIS's Mobile App Developers Are in Crisis Mode
The terror group's forays in social tech may prove to be a high-risk, high-cost experiment.
Photo: Thorsten Hartmann/Flickr
When they say, "There's an app for everything," terror propaganda is no exception. In the past six months, the Islamic State (IS, ISIS, or Daesh) and its news agency, 'Amaq, have officially developed at least six mobile apps, adding to a list of other apps created by the group's supporters. These developments say a lot about IS's priority to stay at the forefront of social technologies. But, noting some developing concerns by the group and its followers, IS's app machine may prove to be a high-risk, high-cost experiment.
IS released its first app on November 29, 2015 via 'Amaq, providing news reports and media on IS operations, mostly within Iraq and Syria.
Two months later, on January 30, 2016, IS released an Android app for streaming its al-Bayan radio broadcasts, providing daily news updates across IS's provincial divisions, along with religious readings and chants.
Such apps are valuable tools not just to recruit, but also to provide stable channels of information outside of social media accounts, which are often taken down by administrators. For these reasons, it was not surprising that IS would continue with similar projects. On April 17, the group released an English version of its 'Amaq app. Additionally, apps for French and Turkish IS propaganda were released on April 21 and May 2, respectively.
IS app operations have also gone beyond news and religious content. On May 10, the group released a jihadi-themed Android app for children learning the Arabic alphabet. Produced by the group's "al-Himmah Library," the app matches letters to corresponding words, showing "Madfa'e"(Canon) for M, "Bundiqiya" (Rifle) for B, and "Sarokh"(Rocket) for S, among other examples.
IS often provides updates for these apps, including one on March 16 for its first 'Amaq application. The group also released Windows versions of the aforementioned Bayan and children's app on March 17 and May 28, respectively.
Just when it seemed that IS had succeeded in creating a direct and uninterrupted method of linking to its followers, the group would show signs that its app operations had brought about new risks.
A notice disseminated officially by 'Amaq on June 1—and subsequently by other social media channels—claimed that "dubious sources" were disseminating a fake version of the 'Amaq app, purposed for "spying":
Soon after, IS-linked groups and supporters disseminated another "important alert" by IS in various languages, which stated that purportedly fake IS apps were spread online, and may have been intended for "breaching." The message also gave similar safety instructions as the aforementioned notice by 'Amaq:
Recently, a fake copy of al-Bayan broadcast, 'Amaq, and others were circulated. The publishing individual claimed that they are in several languages and it appeared that it aims for breaching, so we advise all supporters of the State of the Caliphate to count on the official channels while uploading these applications and verify the digital fingerprint for the application before starting it.
Of note is that the second message, despite warning of an official IS app, was not posted by official IS accounts.
An English version of the notice disseminated the same day claimed more definitively that the apps were "clearly aimed at infiltration."
One might wonder how an app can be "fake"—a concern you'd never really consider shopping through app stores. But IS and other jihadists operate with different rules and resources, leading to new sorts of vulnerabilities.
You might have noticed that all of the aforementioned IS apps were made for Android. This recurrence does not come from preference, but rather because it is the only option for jihadists. All apps on the iOS App Store must first go through a stringent approval process by Apple to make sure they "are free of offensive material." Similarly, Google also maintains full control over which apps are available for download on the official Play Store for Android, and can reject any app if it violates its policies. This was most recently seen with an app by the Afghan Taliban, which was banned within days after appearing on the store on April 1, 2016.
However, the main difference between iPhone and Android devices is that the latter allows users to create and install new apps outside of its designated app store. Unlike iOS, Android apps can be created and installed independently as APK (Android application package) files without ever entering the Google Play Store. Thus, this technique, known as "sideloading," is IS's main technique to bypass red tape set forth by Google and Apple.
Releasing apps this way does have its benefits for IS. A functioning collection of sleek apps tells the group's followers that it can manage multi-pronged media operations, and contributes to projecting legitimate statehood. To its enemies, the apps mockingly tout that the group is able to sidestep existing security measures and get its propaganda to supporters and prospects by yet another dissemination method.
However, these apps also come with costs, the most significant of which being privacy of IS supporters. As governments and vigilantes around the world continue targeting IS online, apps circulated outside of Google Play or iOS stores provide new opportunities to plant disguised malware into the mix, and thus infiltrate the community. And indeed, as seen in Thursday's warning by IS of fake apps, such entities appear to be doing just that: creating fake, malware-laden versions of IS's al-Bayan or 'Amaq APK files.
A common method of avoiding such deception is through file verification via uniquely generated checksum files, sometimes called "digital fingerprints," which can determine if a file has been altered from its original form. And despite the fact that IS apps include these elements, its warnings suggest that not a lot of its followers are paying attention. Such missteps by IS supporters only become more likely as IS's official "Nashir" and 'Amaq channels are frequently taken down, leaving IS's supporters dependent on secondary, less dependable social media outlets.
The disruption of IS's mobile app operations are an embarrassment for the group, which goes to great efforts to maintain a respected media presence among jihadists, and puts its followers at increased risk of detection and arrest. Clearly, this is why IS didn't disseminate the previously shown red image warning about fake apps, but instead left it to supporters.
So, will IS continue releasing its own apps? It's not clear, but the fact that these apps are still operating might hint toward the answer. After all, IS took continuous risks of staying on Twitter and other platforms, which led to the arrest of many of its followers. Considering this history, IS may very well be willing to endanger its followers to keep its app machine moving.
Rita Katz, the Director and co-founder of the SITE Intelligence Group, has studied, tracked, and analyzed international terrorists, the global jihadist network, and terrorism financing for more than a decade. Ms. Katz has personally briefed government officials in the White House, Department of Justice, Department of the Treasury, and the Department of Homeland Security on terrorist financing and recruitment networks.
Ms. Katz is the author of TERRORIST HUNTER: The Extraordinary Story of a Woman who Went Undercover to Infiltrate the Radical Islamic Groups Operating in America.