April 6, 2017, Mike Browning
Mobile apps are the front lines of the global battle against mobile threat actors. The ubiquity of mobile apps across mobile devices and the relative ease with which they can be built, copied, or compromised make them a frequent target for cybercrime—and the current state of mobile user behavior isn’t helping.
With millions of apps to choose from across app stores all over the world, malicious apps can easily blend in with their benevolent lookalikes. According to App Annie’s Retrospective 2016 report, there were 90 billion mobile apps worldwide last year, representing 15 percent growth over the prior year. And, unfortunately, it’s not just the security-conscious set who download mobile apps: eMarketer estimated that roughly 98% of US smartphone and tablet app users ages 14 and up would install at least one app in 2016, a wide range of users that’s only growing wider. By 2020, eMarketer projects the number of smartphone and tablet app installers will reach 219.9 million and 144.2 million respectively, up from nearly 185 million and 126 million in 2016.
The risks are real: nearly five percent of RiskIQ’s Global Mobile Database is blacklisted as malicious or fraudulent. Recently, RiskIQ research* found in our Black Friday eCommerce Blacklist Report that one in 10 of the 5,315 mobile apps related to Black Friday in global app stores is blacklisted as malicious (unsafe to use), and found hundreds of fake apps related to romance and dating in our Valentine’s Day Mobile Dating App report.
To better understand the inconsistent mobile safety practices among these consumers at risk of being targeted by threat actors on their mobile devices, RiskIQ commissioned Ginger Comms to survey 1,000 U.S. and 1,000 U.K. consumers aged 16 to 60+, specifically focusing on smartphone and mobile app usage. The survey was conducted during February and March 2017. The resulting report shows that over half of all respondents regularly display behaviors that put themselves at risk:
Examples of Suspicious Apps:
Fig-1 This dating app leveraging a URL linking to OkCupid in the description does not quite sound like it was created by a professional…
Fig-2 This Halloween-themed app calls for 128 different permissions. Why would a Halloween arcade game need access to texts (android.permission.SEND_SMS), calls (android.permission.PROCESS_OUTGOING_CALLS), or the ability to remotely wipe your phone (android.permission.BRICK)?
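The mismatch the Fig-2 caption points out, between what an app claims to be and what it asks for, can be checked mechanically. The following is an added example (not RiskIQ's code) that parses a decoded AndroidManifest.xml and lists the permissions falling outside a baseline for the app's category; the `arcade_game` baseline, the 20-permission threshold, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The three permissions the Fig-2 caption singles out.
HIGH_RISK = {
    "android.permission.SEND_SMS",
    "android.permission.PROCESS_OUTGOING_CALLS",
    "android.permission.BRICK",
}
# Assumption: a hypothetical baseline of what an arcade game plausibly needs.
EXPECTED = {
    "arcade_game": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
        "android.permission.VIBRATE",
    },
}
MAX_PERMISSIONS = 20  # assumption: review threshold, tune per app store/category

# Constructed sample input (decoded text manifest, e.g. as produced by an APK decoder).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.halloween.arcade">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.BRICK"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the de-duplicated set of permission names a manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifest_xml, category):
    """Compare requested permissions with the category baseline."""
    perms = requested_permissions(manifest_xml)
    baseline = EXPECTED.get(category, set())  # unknown category: everything is unexpected
    return {
        "total": len(perms),
        "excessive_count": len(perms) > MAX_PERMISSIONS,
        "high_risk": sorted(perms & HIGH_RISK),
        "unexpected": sorted(perms - baseline),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, "arcade_game"))
```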
With so many careless users and users lacking mobile security acumen, businesses must take it upon themselves to fight the mobile threat actors fraudulently leveraging their brand. Fraudulent and unauthorized apps, which mobile threat actors develop and hijack to divert users, distribute malware, and steal customer or company data, are a critical security issue that affects almost every organization.
For an in-depth analysis of mobile behavior, download Appsession: Is our Appetite for Mobile Apps Putting us at Risk?, a RiskIQ Mobile Consumer Report here. Find out more about how RiskIQ can help you protect your mobile presence here.
*The source of RiskIQ’s Blacklists is our collection of internet data, which our collection architecture of virtual users gathers by scanning, crawling, and passive-sensing the internet—including web pages, mobile apps and stores, and a variety of social websites and apps. RiskIQ’s crawling technology covers more than 300 million mobile devices, 1.8 billion HTTP sessions, 783 global locations across more than 100 countries, 16 million mobile apps, and 300 million domain records.