There’s an app for everything. From monitoring health to scanning documents, and with options to play, work, and communicate in every imaginable fashion, consumers are gobbling apps up like candy. These apps are a growing security threat to businesses, consumers, and even to app developers themselves.
Though the average smartphone contains dozens of apps, research shows that consumers only use 6-10 apps a week. This means that many consumers have apps on their devices that they do not even notice. And that provides plenty of room for the growing security threats posed by apps to infiltrate consumer devices, gather consumer data, and wreak havoc without consumers even noticing.
App developers must be aware of the mobile security apocalypse we may be headed toward. Seventy-five percent of mobile apps fail even the most basic security tests, but AppSolid aims to fix this.
A Challenge of Volume
In 2015, there were 1.5 million mobile apps available in the Apple store alone. Some were designed to be malicious. But in most cases, the threat is more subtle: for example, malicious lines of code inserted by hackers that stay hidden until an attack command is active.
Just a few years ago, a new software release might be years in the making, commanding the work of hundreds of brilliant coders. The advent of mobile apps means that anyone can create a program and convince consumers to install it. No reasonable person actually believes that the millions of currently available apps have each gone through painstaking security testing or been designed by expert coders with good intentions.
Inexperienced developers may not be aware of emerging threats. But even the most skillful developers can’t be expected to remain on top of the constant threats facing mobile apps and the devices they use. The app marketplace is large, constantly changing, and dynamic, which means app stores inevitably contain thousands of potential threats each and every day.
An Avalanche of Sensitive App Data
Consumers who use apps believe that their information is private, often without even bothering to evaluate app security protocols. Because no one is physically looking over an app user’s shoulder, it’s easy for him or her to believe that no one can see the data shared with an app. And thus begins the security nightmare. Consumers routinely input a veritable avalanche of sensitive data into their apps.
That may include:
- Health care information, including medications, health history, and insurance information.
- Photos, documents, and family information.
- Credit card and bank account information.
Even an inexperienced hacker can use this information to hack devices, guess passwords, or even steal a consumer’s identity.
Access, Access, and More Access
This is a recipe for security disaster. Apps have access to consumers’ file systems and cameras. They also induce consumers to share a range of sensitive data. This level of access to information about consumers is unprecedented. It can be used to access banking and email passwords, to access and control other applications, and even to control consumer behavior.
Hacking Without Hacking
Hacking no longer requires coding experience or consumer passwords. Savvy criminals can “hack” consumer information without using traditional hacking approaches. Phishing schemes are a classic example: hackers gain access to consumer passwords and other data simply by asking for them.
Apps that log sensitive data can later use that data to impersonate consumers. And behavioral hackers may impersonate customer service representatives, physicians, or even family members to induce consumers to give away sensitive information. The result is a security landscape that demands increased savvy from consumers just as it opens up access to apps to the least tech-savvy among us.
Real-World vs. Ideal App Usage
App developers often develop programs with the ideal consumer in mind: one who doesn’t store passwords, who never gives passwords out to third parties, and who diligently installs security updates. Most consumers don’t fit this description.
App developers must increasingly consider how consumers will use their products in the real world.
That includes contingency plans for:
- Managing customer data if a device is lost or stolen.
- Consumers who save their passwords in the app, who use the same passwords across all programs, who give out their passwords, or who create easily guessable passwords.
- Consumers who do not install routine security patches.
- Consumers who are ill-informed about security threats and therefore easy to fool into giving away sensitive data. Users who are new to smartphones, who do not spend much time on the Internet, and seniors who have not been educated about emerging security threats are particularly vulnerable.
- Consumers who unknowingly install malicious apps that may target other apps or the device itself.