Mobile Application Security

Want to steal sensitive customer info and distribute malware? There’s an app for that. Make sure it’s not yours.

The bad guys go where there’s profit and opportunity – and that’s the app market. With millions of apps and hundreds of app stores, and more appearing every day, it’s easy for bad apps to sneak in unnoticed. Secondary app stores that grab apps from official stores and re-deploy them are often targeted by attackers, since these stores frequently lack policing and visibility. And easy money can be made by writing bad apps based on existing apps and trusted brands. While some malicious developers work alone, grey hat networks and criminal networks also fund crimeware and rogue apps, and rogue-affiliate networks launder stolen credentials or identities collected by these rogue apps.

What types of problems do rogue apps present?

The problems vary from fairly innocent and low impact, like unauthorized apps that use your corporate name, to medium impact, like apps that circumvent paywalls and collect money for services that never get fulfilled, to high impact: data and identity theft where customers see a very real loss in both privacy and funds in just a single interaction with an app. Apps can violate a user’s privacy by collecting user IDs, email and street addresses, phone numbers and GPS coordinates. This info can be sold to advertising brokers and analytics firms. Apps can also steal highly sensitive financial information like bank login passwords and account numbers.

What else are malicious apps capable of?

Malware apps can record audio, read phone contacts, write settings, and install additional apps without consent. Some of the most common malicious apps are premium rate calling/SMS apps. This type of malware calls or sends out an SMS to a premium rate phone number, and the cell phone user gets charged on their phone bill.

What do companies need to be on the lookout for?

Companies may have an eye on the apps they know about, but there may be others they don’t know about. Copycat apps take a company’s official app or website, copy and change its API and credentials and re-release it into an app store. By inserting info-stealing code or aggressive advertising SDKs into app files, scammers can rake in easy money from people looking for free versions of popular apps. Most of the Fortune 500 companies have had their brands hijacked by copycat apps. And consumers often can’t tell the difference between a copycat app and the real thing, since copycat apps use the name of legitimate apps and brands to gain the trust of even the most discerning users. This can result in brand erosion and the loss of customers as the fake app is downloaded instead of the real thing.

Keep a pulse on your mobile app footprint with RiskIQ for Mobile

Keep an eye on known and unknown mobile apps in primary, secondary and affiliate app stores with RiskIQ™ for Mobile. In discovering and continually monitoring apps, we emulate user behavior to detect suspect applications, application tampering and brand impersonation. With unparalleled visibility and automated takedown of unauthorized apps, you’ve got what it takes to secure your apps, protect your customers and uphold your good name.

Who benefits from using our mobile security solution?

  • Security teams who need to quickly respond to incidents and perform remediation to minimize damage.
  • Legal and brand teams who need to protect their brand equity and intellectual property.
  • The mobile app store manager who is responsible for approving apps and ensuring quality within his store.
  • The device manufacturer who needs to ensure the quality of the apps hosted on her devices and needs to maintain visibility over all these apps.