If you think your mobile app is safe to download just because it comes from Google or Apple stores, think again. A staggering report has shown that 85% of all mobile apps violate some form of safety standard.
These apps had at least one security flaw from the Open Web Application Security Project (OWASP) Mobile Top 10, meaning they could be opening you up to a cyber-attack. In fact, one of the areas that is quickly becoming a haven for malware is cybersecurity apps themselves.
Apps found to be improperly collecting and storing data
The biggest offender among these flaws is improper data storage and collection. This means that the apps are collecting data, sometimes without the user’s knowledge, and storing it in a manner that leaves it open to data breaches and hacking.
This is especially troubling with the recent passage of the General Data Protection Regulation (GDPR), a European Union (EU) regulation that punishes companies with steep fines if they violate a customer’s right to privacy by improperly storing data.
Communication with apps is another area of security concern
The second biggest problem area is communication. Many apps are still using HTTP instead of the more secure HTTPS, meaning data transferred from one device to another (such as with mobile messaging) may be open to interception by hackers. In most of these studies, Android-based apps were bigger offenders than iOS apps.
Apps you depend on for work or business are part of the problem too
One of the big problems with these vulnerabilities is that the apps aren’t just games or “fun” software that you put on your phone to play around with. In fact, many of these apps are claiming to keep you safe while actually taking advantage of you. For instance:
- Apple recently removed three Trend Micro apps for suspicious activities. These apps all claimed to find and remove malware that might infect your mobile device. As part of this, the apps were taking “snapshots” of the user’s browser history and storing the data. This raised red flags with Apple as this type of data collection did not seem necessary for the apps to function properly and may have constituted an invasion of privacy. The company has since removed this function from the apps;
- Over 20 million Google Chrome users downloaded a malicious browser extension that was meant to block ads;
- Many users are turning to Virtual Private Networks (VPNs) for security as these encrypt your device's traffic and reroute your connection to keep it more secure. However, almost 20% of VPNs for mobile devices did nothing to encrypt the data and were useless because they gave the users a false sense of security; and
- Some of the more recent virus protection apps have actually allowed spyware to be installed on mobile devices.
How are users supposed to protect themselves from these types of dangerous apps?
The best advice is to use only approved apps for your device and limit yourself to “safe” websites that don’t engage in malicious or suspicious activity. If you do that, the pre-loaded security software is probably sufficient. If you do use an antivirus package, then make sure that it’s well-vetted and reviewed and not designed by a “fly-by-night” company that doesn’t have a lot of positive reviews and downloads.
In this age, it’s essential to protect yourself when you’re working and browsing the Internet. This includes protecting your tablet or smartphone. However, if you’re not careful with what you download, you may wind up with an app that does more harm than good.