These days, mobile security is top of mind for consumers and businesses alike, and for good reason—the mobile channel is ubiquitous and provides cyber threat actors a vast attack surface to target.

At home, 82 percent of online users in the United States used a mobile device for online shopping, with 35 percent being mobile-only online shoppers. In 2020, U.S. mobile retail revenues are expected to amount to 339.03 billion U.S. dollars, up from 207.15 billion U.S. dollars in 2018.

At work, employees use their phones on the company network and access sensitive corporate data every day. Even the way users interact with mobile devices is risky, as the smaller screens and simpler UIs make it easier for users to make more impulsive, uninformed decisions which increase their susceptibility to social engineering and fraud.

To highlight the mobile cyber threat landscape in the first quarter of 2019, RiskIQ published our Mobile Threat Landscape Q1 2019 report, which highlights our coverage of over 120 mobile app stores around the world, and our scans of nearly two billion resources looking for mobile apps in the wild. For the second-straight quarter, RiskIQ added over two million new apps to our database, partially due to RiskIQ’s ever-expanding list of monitored mobile app stores, but also because of the continued explosive growth of the mobile app market.

Additionally, Q1’s report includes a review of 2018’s mobile landscape, which demonstrates that the past 18 months have proven that even the savviest of users must be discerning and skeptical when downloading anything. Findings highlight ways in which Magecart, the infamous syndicate of credit-card skimming groups, assaulted retailers via mobile, including British Airways, which involved the compromise of the company’s mobile app. It also highlights the trend of blacklisted apps masquerading as or associating themselves with Bitcoin exchanges, Bitcoin wallets, or just “cryptocurrency” in general.

Q1 2019 key findings include:

• 2,263,268 new apps, 123,415, or nearly 6%, more than were observed in Q4 2018.  
• The number of blacklisted apps in the Google Play Store dropped for the second consecutive quarter and has fallen nearly 64% since Q3 2018.
• Over Q4 2018 and Q1 2019, nearly 38,000 apps offered by Google were blacklisted, over 20,000 more than the next most blacklisted store, 9Game.com.
• 96% of apps in the 9Game.com and 30% of apps in ‘Vmallapps’ were blacklisted, and nearly half of all feral apps were found to be malicious.  

Security teams need a solution that helps them quickly find, analyze, and mitigate cyber threats to their official, unofficial, and rogue mobile apps, and take corrective action with app stores from inside the platform. By discovering apps across hundreds of mobile app stores and monitoring them for malware or compromise, security personnel can maintain a secure mobile presence as well as the trust of their customers and prospect.

RiskIQ continuously scans hundreds of mobile app stores and millions of apps to safeguard your brand reputation and customers by detecting malware, application tampering, and brand impersonation. For each customer, RiskIQ creates a complete inventory of mobile assets that are related to the bank, official and unknown, across the global mobile app ecosystem. This process includes monitoring for new apps, existing apps, app updates, and rogue or fraudulent apps.

For specific metrics or to learn more, download the RiskIQ Mobile Threat Landscape Q1 2018 Report here.