There is no lack of data supporting the continuing rise in mobile apps and the app stores that house them. The five leading app stores alone have over 6.5 million apps. Worryingly, this proliferation of inventory across app stores has been accompanied by an increase in blacklisted apps, which doubled between 2015 and 2016. The vastness of this ecosystem provides the perfect hiding place for malicious actors. Why is this?
Most people are familiar with the leading app stores such as Apple and Google, but would be surprised to know that there are hundreds of stores out there. Some stores redirect users back to one of the primary stores for download while others hold their own inventory. Some do both.
Mobile app inventory is also dynamic, with apps moving from the primary stores to secondary and affiliate stores, more often than not without the knowledge of the app owner. This fluidity is a challenge for companies trying to restrict their apps to the primary stores and monitor for fraudulent apps leveraging their brand. This creates a fertile environment for cyber criminals to conduct their business, and is compounded by consumers’ poor security awareness as revealed in a recent survey we commissioned.
The survey revealed that almost half (45%) of respondents do not scrutinise the app’s details while 60% never or only occasionally review the privacy policy and permissions requested by the app before downloading. Such a fast and carefree approach to mobile app downloads is leaving UK consumers and businesses vulnerable to cyber criminals seeking to infect mobile devices and steal information from unsuspecting victims.
Consumers are regularly displaying behaviours that put themselves at risk. Specifically, there is a lack of attention when downloading apps. More than half of respondents have clicked on an ad promoting an app and half of those never check to see that they have been directed to an official store.
It doesn’t come as a surprise that one in twelve admit to sometimes downloading apps only to find they are not from the company or brand they expected. Consumers’ propensity to click through without thoroughly inspecting an app’s details, such as its developer, last version update and any reviews, increases their risk of downloading counterfeit or malicious apps.
As the volume of personal information being requested and shared through mobile applications continues to grow, the need for better mobile security awareness has never been greater.
Despite this desperate need, consumers continue to use their online accounts in ways that leave them at risk of being exploited. For example, over half (53%) were found to reuse passwords across their mobile apps.
On top of this, 12% of our survey respondents have jailbroken or rooted their phone. The most common reason for doing so is increased freedom in which stores can be accessed and what apps can be downloaded.
While modifying a phone can allow more choice for the user, it also bypasses many of the security mechanisms put in place by carriers and official app stores, requiring heightened security awareness and understanding on the part of the user to stay secure. While many major organisations are attempting to step up efforts to police their apps and brands across hundreds of different app stores, there is no replacement for consumer vigilance.
It is time for smartphone and tablet users to exercise more caution when building their app portfolio. Simultaneously, businesses need to aggressively police their mobile apps to protect both their consumers and brands in a generation of increased vulnerability to cybercrime.
Sourced by Colin Verrall, VP EMEA RiskIQ