The real risks behind real money – are you aware of the malware risk from gaming apps?

We all know the tales of people winning big after a flutter of the cards, but in recent years fans of gambling have been able to indulge outside the casino doors, both virtual and physical, thanks to the growth in real-money gaming apps.

According to those in the know over at Betacade, the time spent in mobile apps now surpasses the time spent in browsers. However, the growing consumer appetite for these types of apps is accompanied by a growing risk.

App store issues

Unlike most other categories of mobile apps, real-money gaming apps are not permitted on the Google Play app store and are only allowed on Apple iTunes stores in regions where online gaming is permitted, the UK for example. Many third-party stores, such as Amazon, also ban real-money gaming apps.

This lack of access to the popular distribution channels poses a challenge for game developers as they have to seek out other routes for distribution, not an easy task in a highly competitive market where consumers just want easy access.


This dilemma has driven a market for specialist real-money gaming app stores for both Android and iOS devices. Additionally, users can find their favourite real-money gaming apps in a worrying number of secondary app stores.

RiskIQ conducted research earlier this year to find out just how widespread the mobile app ecosystem is for some of the UK’s top gambling organisations. It found that, on average, there are 12,000 instances of applications referencing a single brand across the mobile ecosystem for each gambling company researched.

These apps were spread across an average of 54 of the top 150 app stores we regularly track. Apps for one organisation in particular were found in 86 different app stores.

While some of these stores are above board, others are a hotbed for illegitimate applications with hidden malware waiting to be unleashed on users who come across them.

Avoiding the malicious

Apps that are not genuine place the consumer at a disadvantage. At best they can lead to a poor brand experience, which reflects badly on the business; at worst, malicious apps can compromise a user's security and lead to the spread of malicious viruses.

For most illegitimate apps the objective is to steal traffic away from legitimate brands by tricking the user into believing that their app is official, something which is no different for real-money gaming apps than it is for any other mobile application.

This can be done through brand impersonation in the app and on the store, through placement in stores unlikely to contain the legitimate app and through search engine strategies designed to place the illegitimate app at or near the top of the results list.

Unfortunately for consumers, navigating this minefield of legitimate and illegitimate apps isn’t easy. While sometimes the content on offer is markedly different or of a noticeably lower quality, in other instances apps are modified or 'wrapped' so that the user experience is genuine but with some added surprises such as adware, malware, redirects, and so on.

RiskIQ's research also found that the top UK real-money gaming firms had an average of 2,300 blacklisted applications each. One organisation even had an astounding 10,303 blacklisted applications associated with its brand.

Blacklisting occurs when an app fails a virus scan by one or more of the major virus vendors or if it links to a URL or IP address that is a known source of malware.

A blacklisted application can be detrimental to an organisation; many of these applications contain malicious capabilities that do everything from treating a device as a source of revenue through click fraud to monitoring an individual user's movements by accessing geo-location services and replicating data.

For the brands associated with these applications, removing them from circulation is vital, as customers will blame the brand for the malware and not the rogue application.


One particular example of a blacklisted app that was uncovered does nothing more than load the legitimate mobile web site and provide an affiliate cookie, meaning that the fraudster will receive remuneration for the new account and in some cases a percentage of the revenue.

Affiliate fraud is certainly not new on the web and now looks to be finding its way into mobile apps as well.

Keeping a clean house

For an industry which is so highly competitive, the need to provide customers with the best experience possible is crucial in order to retain consumer loyalty and grow the mobile channel.

Whilst organisations may not be directly responsible for, or may have no knowledge of, the malicious applications claiming to be legitimate, in the eyes of many clients they will still be held accountable.

As a result, organisations in the real-money gaming sector need to be increasingly vigilant in monitoring the app store ecosystem to better protect both their brand and their customers.

Sourced from Ben Harknett, VP EMEA, RiskIQ


Ben Rossi
