It’s amazing to think back on the rapid proliferation of mobile technology over the past few years. Smartphones really only took hold with the introduction of the original iPhone in 2007, and yet, already mobile devices have become the most popular way in which consumers connect to the internet.
The current generation of young people can communicate and locate any information on a whim, cementing the current age as arguably our greatest era of technological achievement to date.
Yet, despite its natural appeal and undeniable convenience, mobile technology is not without its drawbacks, as mobile security statistics are beginning to reveal. The story they tell is actually one far more sinister and which very well may soar over the heads of unsuspecting consumers.
The rise of mobile applications has made it easier for developers to directly target mobile users and optimize their service accordingly, but the question remains: at what cost? The ease with which most consumers use their mobile devices is understandable, though it does open up a great number of security risks and other vulnerabilities.
After all, when users have the ability to log on to the so-called information superhighway from anywhere across the globe, this level of connectivity is bound to create some privacy issues. In fact, the more research is conducted on the world of mobile apps, the more we’re beginning to understand just how much of a concern mobile security really is.
So, to paint a more complete picture of the risks involved, let’s peek at some startling mobile security statistics that should inspire you to plan your app’s security a bit more carefully.
A Moving Target
In recent years, the frequency of security breaches has grown exponentially. Upwards of 1 billion records were breached in 2014, and information technology departments roundly consider mobile devices to be the leading cause of security leaks, placing smartphones and tablets as a greater danger to privacy than even social media.
Undoubtedly, this has to do with consumers’ using public wireless networks or 4G to access the web at home, in coffee shops or on the road. This creates a greater opportunity for loose protections to be in place, and indeed reportedly 25 percent of mobile devices fall victim to some kind of attack each month.
As mobile technology has become more and more pervasive, these figures are likely only to increase over time especially since consumer complacency appears to be at an all-time high.
Mobile malware rates rose 75 percent from 2013 to 2014, according to one study, with more consumers falling victim to the deception of malware scams. Vulnerabilities on Android devices increased 188 percent increase since 2011, with iOS taking the even bigger hit of a 262 percent increase. Part of this massive growth can be contributed to the fact that more consumers are relying on mobile devices for their internet use, but it underscores the very real problem that developers are not effectively protecting their apps from attack.
In fact, research shows that at least 75 percent of apps would fail basic security tests. No wonder mobile security has become such a hot-button issue in the past few years among industry professionals. With little focus on combatting these risks, the industry is sure to suffer in the long term, with consumer trust hanging in the balance.
While hackers are developing more sophisticated methods to hack into your system all the time, another popular way in which consumers find their personal data leaking into the world is through the loss or theft of their mobile devices.
Consider this: recent research has said that a laptop is stolen somewhere every 53 seconds.
Mobile devices are smaller, lighter, and far more likely to fall out of pockets or get accidentally left behind. So it shouldn’t surprise anyone to learn that missing mobile devices are something to be genuinely worried about. Some figures declare that around 70 million smartphones are lost annually, and even more concerning, a measly 7 percent are ever found and returned to their owners.
Think about that for a second, and you’ll realize just how easy it is for your sensitive data to be misplaced.
Each year, so many mobile devices go missing, and consumers may even be oblivious to the very real security risk this entails. While you’re out shopping for a new Android or iPhone, some mysterious figure could be poring over your personal information, engaging in identity theft or other fraudulent activities as a result.
Armed with your missing or stolen device, such actions are all too easy for those with questionable agendas. The security risk is even more dangerous for companies who deal in confidential, potentially damaging information. More than 4 percent of company-issued smartphones go missing each year, meaning that executives are routinely targets of criminals looking to exploit this data.
The business world in particular is a troubling area of mobile theft, as 52 percent are stolen from the workplace and 24 percent from professional conferences. Even in an environment as seemingly safe as the office, be sure to keep a close eye on your mobile devices.
So, with all the risks associated with mobile devices in the workplace and beyond, you might think that companies are taking the necessary precautions to prevent such activities from taking place.
As it turns out, the numbers indicate that one in three companies doesn’t even have a written information security policy. That doesn’t exactly bode well for all those company-issued mobile devices floating around out there. In fact, less than half are equipped with an incidents response policy, and only 59 percent have established policies for user access.
And, if a data breach or cyberattack does occur, a disappointing 34 percent of companies are prepared with a crisis response plan designed to minimize damage and contain the security leak that will surely impact both their employees as well as the greater business itself.
Even in industries that theoretically should know better, barely over half of professionals in healthcare, information technology and information systems have tested their responsiveness to a data breach. So if these businesses experience any form of security breach, it’s possible that the delicate information they handle could make its way into the world and lead to troubling consequences for the businesses in question and, thusly, their customers.
With less than 40 percent of organizations regularly scanning for vulnerabilities in their system, the responsibility is falling on app developers to institute some basic measure of security protection to keep their users, be they commercial or otherwise, safe from the looming danger that hackers present. Even so, there’s only so much that can be done without the cooperation of the corporate world itself.
In the past few years, cyber-attacks have become an all too common occurrence. Each year, they seem to multiply in scope, if not in frequency. The numbers don’t lie.
In 2015, 270 data breaches occurred, and though this is a small figure than in some previous years, bear in mind that these are only those that have been publicly acknowledged.
Moreover, that figure encompasses an astounding 159 million sensitive data records, leaving more than double the users and companies vulnerable than the previous year. Believe it or not, more than 6 million of these were compromised accidentally, indicating that protection is necessary not only to prevent attacks but also to guard against human error.
Accidental release of confidential information is even easier to occur when it comes to mobile devices, as that constant connectivity has proved to be both a blessing and a curse to many organizations in the industry.
It remains to be seen how accurate the number of publicly acknowledged data breaches reflects the truth behind actual leakage occurring on a daily basis. Whenever the threat comes from inside an organization (more on that in a moment), companies are far less likely to come forward, in an apparent attempt to save face and prevent damage to their reputations.
There’s reason to believe that the numbers then are radically skewed, and as developers, the best thing you can do is to treat mobile app security as the priority it rightfully should be. Without any built-in precautions against hackers and other malicious users, the wealth of sensitive data out there is simply waiting for the right individual with a dark purpose to pounce on it, causing untold harm to potentially millions of users.
It’s simply not worth the heartache of dealing with the aftermath of one of these hundreds of massive data leaks. Don’t be a statistic when some simple actions in your coding will suffice.
The Danger Inside
When most people think of those criminal individuals who prey on mobile apps -- searching for and exploiting security vulnerabilities -- they tend to envision some nefarious hacker or group of them who are committed to making a living on the back of people and companies with whom they have no association.
Often, the exact opposite is true. In some cases, insiders are most commonly responsible for security breaches. Research shows that 57 percent of survey respondents credited employees with a given cyber-attack, and current or former employees were attached to as much as 72 percent of security incidents within financial services organizations themselves.
It’s a terrifying realization that such breaches (whether stemming from mobile devices or not) can be the work of those you trust, but that’s all the more reason why you should build protections into your app, for the benefits of all those who use it.
Not surprisingly, the number one reason for insiders to take these actions is for financial and personal gain, including those looking to take stolen data to launch their own competitor. Many companies (75 percent, in fact) prefer to deal with these crimes internally, exercising their own form of discipline rather than turning to law enforcement.
Even if this scenario doesn’t sound like it could involve your app, you might be surprised by how widespread cyber-attacks designed to perpetrate financial or identity theft truly are. While not all apps are used in these kind of corporate situations, the data housed within your app -- and subsequently the mobile device itself -- may be able to be misused for criminal means.
Access controls and other restrictions should play integral roles both in your app’s development as well as its functionality. Your app is the first line of defense to combat hackers and keep cyber-attacks at bay.
While we understand if the above discussion about mobile security statistics may alarm you, there’s no need to launch into a panic. Sure, the risks associated with regular use of mobile devices are worth your attention and certainly your concern.
However, this doesn’t mean you need to scraps plans to develop the next big iOS or Android app for fear that your code and sensitive user data will leak into the wrong hands. The internet itself is the real culprit for the ongoing security risk, with mobile technology simply escalating the vulnerability for consumers.
As developers, it is your responsibility to take precautions in building an airtight mobile app security strategy into your code from the ground up.
Thankfully, our new eBook, “The Developer’s Guide to Mobile App Security,” gives you the concise, comprehensive details you need to inform your approach to app security. We’ll delve in-depth into the widespread danger that hackers pose to your projects, the can’t-miss tactics you need to employ to guard against the malicious users hoping to exploit your work and the best practice you should have in place to minimize your app’s chances of falling victim to a security breach.
It’s the resource that every developer should have at their disposal, preferably before traveling too deeply into the development process. But even if your app has been live for years, it’s never too late to fortify your defenses.