External Threat Management

RiskIQ’s 2019 Mobile App Threat Landscape Report: The Mobile Ecosystem Swells, but Google Leads a Decline in Malicious Apps

The digital revolution is causing businesses to invest significantly in mobile not only to make more frequent and meaningful interactions with consumers but also to feed a ravenous demand. Users downloaded over 200 billion apps in 2019 and spent more than $120 billion in app stores worldwide. In 2020, consumers will surpass those marks, as mobile usage takes up more and more of our daily lives—3.7 hours on average and rising, according to App Annie.

Although mobile apps help drive business, the mobile app threat landscape is a significant portion of an enterprise’s overall attack surface that exists beyond the firewall, where security teams often suffer from a critical lack of visibility. Threat actors have made a living taking advantage of this myopia to produce “rogue apps” that mimic well-known brands and are purpose-built to fool customers into downloading them. These imposter apps are an effective tactic because our brains recognize and make instantaneous judgments about visual stimuli. Once downloaded, they can phish users for sensitive information or upload malware to their devices.

On rare occasions, these rogue apps appear in official stores, even breaching the robust defenses of the Google Play and the Apple App stores. However, there are hundreds of less reputable app stores within the mobile app threat landscape, that represent a murky mobile underworld that exists outside of the relative safety of major stores. With many of these apps found in stores hosted in countries known for cybercrime, such as China, or outside of stores altogether on the open web (often referred to as feral apps), it’s no wonder CISOs can’t keep tabs on them. However, for businesses, even though they don’t own or manage these apps, they’re still a part of their attack surface and thus are responsible for detecting and addressing them.

With a proactive, store-first scanning mentality, RiskIQ observes and categorizes the mobile app threat landscape as a user would see it, monitoring both the well-known stores like the Apple App Store and Google Play, but also more than 120 others around the world. RiskIQ also leverages daily scans of nearly two billion resources to look for mobile apps in the wild. Every app we encounter is downloaded, analyzed, and stored so that we can record changes and new versions.


The report found Blacklisted Apps were on the decline, possibly led by efforts by Google.

RiskIQ's 2019 Mobile App Threat Landscape report is an analysis of this murky mobile app underworld spanning the open web and app stores around the world. Drawing from our daily scans, we highlight where threat actors focused their efforts in 2019 as well as trends that may carry into 2020.

Download the report for a snapshot of 2019's mobile threat landscape and dive into emerging trends we anticipate carrying into the 2020s. Also discover:

  • The percentage growth of the mobile app landscape.
  • The percentage of change in dangerous apps between 2018 and 2019.
  • The top-three most prolific app stores in 2019, and where they come from.
  • Why Feral apps are almost always dangerous.
  • The six most prolific app stores of blacklisted apps in 2019, and where they reside.

Get the Report>>

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor