The dark side of apps

1 September 2019 Information Security

Mobile device security threats are on the rise and it’s not hard to see why. In 2019 the number of worldwide mobile phone users is forecast to reach 4.68 billion, of which 2.7 billion are smartphone users. So, if you are looking for a target, it certainly makes sense to go where the numbers are.

Think about it, unsecured Wi-Fi connections, network spoofing, phishing attacks, ransomware, spyware and improper session handling – mobile devices make for the perfect easy target. In fact, according to Kaspersky, mobile apps are often the cause of unintentional data leakage.

“Apps pose a real problem for mobile users, who give them sweeping permissions, but don’t always check security,” says Riaan Badenhorst, general manager for Kaspersky in Africa. “These are typically free apps found in official app stores that perform as advertised, but also send personal - and potentially corporate data to a remote server, where it is mined by advertisers or even cybercriminals. Data leakage can also happen through hostile enterprise-signed mobile apps. Here, mobile malware uses distribution code native to popular mobile operating systems like iOS and Android to spread valuable data across corporate networks without raising red flags.”

In fact, according to recent reports, six Android apps that were downloaded a staggering 90 million times from the Google Play Store were found to have been loaded with the PreAMo malware, while another recent threat saw 50 malware-filled apps on the Google Play Store infect over 30 million Android devices. Surveillance malware was also loaded onto fake versions of Android apps such as Evernote, Google Play and Skype.

Considering that as of 2019, Android users were able to choose between 2.46 million apps, while Apple users have almost 1.96 million app options to select from, and that the average person has 60-90 apps installed on their phone, using around 30 of them each month and launching 9 per day – it’s easy to see how viral apps take several social media channels by storm.

“In this age where users jump onto a bandwagon because it’s fun or trendy, the Fear of Missing Out (FOMO) can overshadow basic security habits – like being vigilant on granting app permissions,” says Bethwel Opil, enterprise sales manager at Kaspersky in Africa. “In fact, accordingly to a previous Kaspersky study, the majority (63%) of consumers do not read license agreements and 43% just tick all privacy permissions when they are installing new apps on their phone. And this is exactly where the danger lies – as there is certainly ‘no harm’ in joining online challenges or installing new apps.”

However, it is dangerous when users just grant these apps limitless permissions into their contacts, photos, private messages, and more. “Doing so allows the app makers possible, and even legal, access to what should remain confidential data. When this sensitive data is hacked or misused, a viral app can turn a source into a loophole which hackers can exploit to spread malicious viruses or ransomware,” adds Badenhorst.

As such, online users should always have their thinking caps on and be more careful when it comes to the internet and their app habits including:

Only download apps from trusted sources. Read the reviews and ratings of the apps as well.

Select apps you wish to install on your devices wisely.

Read the license agreement carefully.

Pay attention to the list of permissions your apps are requesting. Only give apps permissions they absolutely insist on, and forgo any programme that asks for more than necessary.

Avoid simply clicking “next” during an app installation.

For an additional security layer, be sure to have a security solution installed on your device.

“While the app market shows no signs of slowing down, it is changing. Consumers download the apps they love on their devices which in turn gives them access to content that is relevant and useful. The future of apps will be in real-world attribution, influenced by local content and this type of tailored in-app experience will lead consumers to share their data more willing in a trusted, premium app environment in exchange for more personalised experiences. But until then, proceed with caution,” concludes Opil.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Onyyx wireless alarm
Technews Publishing Editor's Choice Smart Home Automation
IDS has introduced Onyyx, a wireless alarm system engineered to provide complete system control via the Onyyx app or keyring, as well as seamless installation.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
Unlocking new efficiencies in private security
Security Services & Risk Management Transport (Industry) Smart Home Automation Logistics (Industry)
Justin Manson, Sales Director at Webfleet, discusses how the urgent need to protect life, and to do so more efficiently, is driving continuous innovation in holistic home and residential security services in South Africa.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...
New tools for investigation and robust infrastructure security
News & Events Information Security
Cybereason continues to enhance its security platform, with recent updates introducing improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Read more...
Acronis’ True Image returns
Information Security Smart Home Automation
Acronis has announced its flagship product, Acronis Cyber Protect Home Office, is reverting to its original name, Acronis True Image, with the new version release.

Read more...
Panasonic Industry offers multi-tier Matter Certificate Service
Smart Home Automation IoT & Automation
Panasonic Industry Europe is now offering PAN-MaX, a multi-tier Matter Certificate Service designed for device manufacturers selling in the smart home market, to simplify Matter enablement for smart home devices.

Read more...
Same old cables, new intercom
Hikvision South Africa Products & Solutions Access Control & Identity Management Residential Estate (Industry) Smart Home Automation
Retrofitting old residential complexes with a modern two-wire HD video intercom system is more than an upgrade. For many homeowners and renters, these systems represent a leap into the future.

Read more...