In an almost exclusively work from home environment, the daily usage of mobile apps has exploded. The implication being that the increase in daily usage makes mobile apps a much more attractive target for hackers, resulting in an increase in the number of cyberattacks.
Back in December 2019, our company was in the midst of our annual planning cycle, prophesying with our pens our development and marketing plans for the year. Maybe you and your company went through something similar. Since then, things have changed.
With people being directed to stay home because of COVID-19, there has been an impact on how we work. There has been explosive growth in the daily usage (adoption) of remote communication, education, collaboration and entertainment technologies, specifically we’ve seen a huge increase in downloads and usage of mobile apps.
According to data from Apptopia, there has been an unprecedented growth in downloads of mobile apps since stay at home orders were issued globally.
Figure 1 shows the relative growth in mobile downloads as compared to the average number of downloads at the start of the year. For example, Zoom experienced a growth rate topping 5400% percent over three months, which is no surprise to anyone.
But how about going beyond the downloads, looking into daily usage trends? Has COVID-19 encouraged people to use mobile apps more often? Yes. An article from the App Annie team validates that, citing a 20% year over year growth for the time spent in both gaming and non-gaming mobile applications for Q1 2020. The same study cited respective growths of weekly hours spent in non-gaming apps for the United States (10%), Italy (30%) and the United Kingdom (5%) when comparing Q1 2020 data to Q4 2019.
But not all apps are being used equally. As you would expect, the growth in mobile app usage is not universal. For example, sports news apps and travel apps have seen significant drops in usage, but overall, the trend is clear: There is explosive growth in mobile app usage, and we can expect the reverberations from this shift to continue.
Back in December 2019, we couldn’t have foreseen this, but now that data proves what we’ve all been thinking: the times are changing.
The facts are in
On June 10th, 2020, the FBI issued a public service announcement about the real threat of cyberattacks increasing due to the increase in the daily usage of mobile apps.
In the announcement, the FBI warns that studies show that since the beginning of 2020, there was a 50% increase in the use of mobile banking. With this increase, the FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.
At the same time, Positive Technologies published a report in which they surveyed 14 mobile banking apps. Among their findings, Positive Technologies found that:
- In 13 out of 14 apps, attackers can access user data from the client-side.
- All 14 of the studied banking apps lacked either code obfuscation or protection against code injection.
From both the FBI’s public service announcement and the Positive Technologies report, we can expect a rise in attacks against mobile financial apps due to increased usage and the fact that many of these apps do not have sufficient defenses in place. What this tells us is that mobile app protection is more essential than ever. This projected increase in attacks against financial apps likely means trouble for all developers of mobile apps. Once hackers refine their skills against banking apps, it’s a small jump to attacking other forms.
If you are concerned about the security and vulnerability of your mobile app, Irdeto is offering a free trial of its app security solution, Trusted Software. Start your evaluation here. It’s quick and easy.
Do I need to protect my app even if it doesn’t contain any secret technology?
Why does the Positive Technologies report identify lack of code protection as an issue? If you have critical intellectual property ingrained in the mobile app, the need to protect this is obvious. But what if you don’t have any key technology integrated into your app. Is it worth the trouble to protect it?
It turns out that there is a need for app protection even if it doesn’t contain any intellectual property. In an earlier blog, we referenced Jane Manchun Wong’s twitter feed. In one of her latest exploits, she uncovered that an app was about to add two-factor authentication and managed to lock herself out of her own account while trying out the feature 12 days early. In this case, it was all in good fun, but imagine if one of your competitors got early insight into product direction prior to official marketing announcements.
In another case, the Irdeto team reverse engineered an Android app and discovered hard-coded credentials which could have been leveraged to understand the Ad framework used and the price paid per impression to the app. Imagine the competitive disadvantage if your competitors knew exactly how much advertising revenue was being gained from your app and how much the app was making per impression.
Lastly, we can look in the news today. What if a competitor reverse engineered your app to leak details around the user analytics or SDKs in order to damage your brand?
Curious to know more about app protection? Download Irdeto’s white paper here
What does this mean?
In short, it means that we know from market reports that more and more people are using mobile apps. This is highly likely to increase the number of attacks and a large percentage of mobile apps today don’t use any form of software protection.
If you have key intellectual property or data in the mobile app, the need for software protection is obvious, but there are a lot of additional reasons to apply protection. Ranging from preventing the early release of upcoming features, to securing and protecting sensitive commercial relationships, and to protecting secondary functions within your app from analysis and resulting brand damage.
In the past, software protection was nice to have, but with the increased focus on mobile apps by hackers, you can bet that software protection is now a necessity.
Learn more about the necessity to protect apps, download Irdeto’s white paper — Apps are the new endpoints, how about their security?
We are offering a free trial of Trusted Software, click HERE to start it now.