Each year, businesses invest more in mobile as the lifestyle of the average consumer becomes more mobile-centric. Mobile growth exploded in 2020, with the COVID-19 pandemic advancing mobile adoption "by at least two to three years." According to App Annie, due to the pandemic, Americans are now spending more time on mobile than watching live TV, and social distancing has caused them to migrate more of their physical needs to mobile. App Annie also shows that mobile spending grew to a staggering $143 billion in 2020, year over year growth of 20%.
This ravenous demand for mobile creates a massive proliferation of mobile apps. Users downloaded 218 billion apps in 2020 and spent more than $240 billion in app stores worldwide. Meanwhile, RiskIQ noted a 33% overall growth in mobile apps available. For organizations, these apps drive business outcomes. However, they can be a dual-edged sword—the app landscape is a significant portion of an enterprise's overall attack surface that exists beyond the firewall, where their security teams often suffer from a critical lack of visibility.
Rogue Apps are a Huge Blind Spot
Threat actors have made a living taking advantage of this myopia to produce "rogue apps" that mimic well-known brands or otherwise purport to be something they're not, purpose-built to fool customers into downloading them. Once an unsuspecting user downloads these malicious apps, threat actors can have their way, phishing them for sensitive information or uploading malware to their devices.
These rogue apps appear in official stores on rare occasions, even breaching the Google Play and Apple App stores' robust defenses. However, hundreds of less reputable app stores represent a murky mobile underworld outside reputed stores' relative safety. Apps in these stores are far less regulated than official app stores, and some are so overrun with malicious apps that they outnumber their safe offerings.
Many of these malicious apps are available in stores that reside in countries known for cybercrime, such as China, or outside of stores altogether on the open web (often referred to as feral apps), making it extremely difficult for security teams to keep tabs on them. However, that doesn't mean businesses are off the hook. Even though an organization doesn't own or manage a copycat app, it's still part of its attack surface because it's leveraging its branding and targeting its prospects, customers, and employees. Security teams must detect and address them.
The 2020 Mobile App Threat Landscape
With a proactive, store-first scanning mentality, RiskIQ observes and categorizes the threat landscape as a user would see it, monitoring both the well-known stores like the Apple App Store and Google Play and more than 120 secondary stores around the world. We also leverage daily scans of nearly two billion resources to look for mobile apps in the wild. Every app we encounter is downloaded, analyzed, and stored to record changes and new versions.
In our latest mobile threat research, we give a snapshot of 2020's mobile threat landscape and dive into emerging trends we anticipate carrying into 2021.
By any measure, the mobile landscape is getting bigger, busier, and more complex. RiskIQ cataloged 33% more apps worldwide in 2020 than in 2019. China remains the largest app market, accounting for 40% of consumer app spending, and research found that the top three most prolific app stores in 2020 were Chinese, ahead of both Google and Apple.
Although new threats arose to take advantage of events such as COVID-19 and the election, it appears the mobile app ecosystem got safer overall in 2020. RiskIQ's Internet Intelligence Graph cataloged 30% more apps in 2020 but noted only 102,312 blacklisted apps, more than 67% fewer than in 2019.
Many threat actors seemed to eschew app stores altogether. In 2020, RiskIQ data showed that Feral apps were responsible for the most blacklisted apps. Despite blacklisted apps falling 67%, blacklisted feral apps rose nearly 58%.
Get the Data, Protect Your Attack Surface
This hidden mobile threat landscape is a branding and consumer trust nightmare for businesses. Even though an organization doesn't own or manage a copycat app, it's still part of its attack surface because it's leveraging its branding and targeting its prospects, customers, and employees. Security teams must detect and address them.
Extending security and IT protection outside the firewall requires mapping these billions of relationships between the internet components belonging to every organization, business, and threat actor on Earth. These include mobile apps. RiskIQ built our Internet Intelligence Graph to prepare enterprises for this reality by enabling them to discover unknowns across their attack surface and investigate threats to their organization.
RiskIQ provides both detection data of these malicious apps and tips for spotting them. For specific metrics or to learn more, download the 2020 RiskIQ Mobile Threat Landscape report here.