Making the case for mobile application security isn’t always easy. Many organizations rush to beat the competition to market. This can mean security is an afterthought. What’s more, mobile app security is often a shared responsibility between security and development teams. This can make internal ownership unclear.
However, when done right, mobile app security doesn’t have to slow the development team down. In fact, it can prevent bad outcomes from a breach, such as:
If your management team is evaluating your organization’s security risk, these four statistics make the case for taking mobile app security seriously.
Globally, 5.19 billion people use mobile phones, and 90 percent of their time is spent on apps. As a result, mobile apps play a huge role in the economy. They are major revenue generators for many companies. However, many apps contain sensitive data or intellectual property. This increases their value to hackers.
Despite the value of these mobile assets, many organizations neglect basic security measures. Hackers seek out “low-hanging fruit” apps using widely available tools. Then they attempt to gain access to proprietary information and more. More often than not, it works.
According to Verizon’s 2020 Mobile Security Index, 43 percent of organizations sacrificed mobile security in the past year. Those that did were twice as likely to experience a compromise. Many mobile application development teams are asked to prioritize time to market over security. This leaves their applications vulnerable to attacks.
While development speed is important, some apps that have shipped too quickly have been attacked. One example is the now-infamous Pokemon Go cheat that exploited root access on Android devices. Even iOS applications are not immune to mobile attacks. Some developers get a false sense of security from operating system-level requirements. But these are designed to protect the user, not the application developers and publishers.
According to the 2020 McAfee Mobile Threat Report, hidden mobile applications – most often downloaded from unsanctioned sites, gamer forums, and more – accounted for half of consumer mobile threats in 2019. Malicious apps increased by 30% year-over-year from 2018 to 2019.
Fake mobile apps (i.e. malicious apps) are Android or iOS applications that mimic the look and/or functionality of legitimate applications. They trick unsuspecting users — or those looking to cheat — into installing them. Once downloaded and installed, the applications perform a variety of malicious actions, such as:
Remember: malicious apps aren’t just bad for end-users. They can cause legitimate app makers to lose money and suffer reputationally, too.
This surge in mobile banking has been driven, in part, by coronavirus lockdowns. As a result of high demand for mobile banking services, the FBI warned consumers about mobile app fraud. They cited a rise in app-based trojans, fake apps and other financial vulnerabilities.
Even with rising consumer demand, mobile banking and apps that perform financial transactions are among the most vulnerable categories. A 2019 Guardsquare analysis showed that fewer than 50% of the top financial apps on the Android Marketplace use proper mobile application security.
A layered approach to application security that combines code hardening, runtime application self-protection (RASP) and real-time threat monitoring is the best all-around defense for all mobile apps with valuable data.