Severe: the security risk to UK mobile app users

Poor security awareness, coupled with an insatiable demand for mobile apps, are placing UK consumers’ identities and devices at risk. A new nationwide survey commissioned by RiskIQ of 1,000 people across the country today has revealed that almost half (45%) of users do not scrutinise the app’s details, while 60% never or only occasionally review the privacy policy and permissions requested by the app before downloading.

Such a fast and carefree approach to mobile apps is leaving UK consumers vulnerable to cyber criminals seeking to infect the mobile devices and steal information from unsuspecting victims.

With 3.8 million cyber-crime offences reported in the UK last year, cyber criminals are capitalising on consumers’ poor security awareness. Despite the prevalence of malvertising as an attack vector, RiskIQ’s survey found that 45% have clicked on an advertisement promoting a mobile app, movie or game.

>See also: The mobile threat landscape

This is followed by over a third (37%) who have clicked on a link in an email, website or social media feed to download an app, movie or game. Consumers’ propensity to click through without thoroughly inspecting details such as the developer, last version update and any reviews, increases their risk of downloading counterfeit or malicious apps.

Alarmingly, on more than one occasion, one in ten (12%) have mistakenly installed an app in the belief that it originated from a trusted source later to find out this was not the case.

Intrigued to find out more, Information Age spoke to Steve Ginty, researcher at RiskIQ, to find out more on the increasingly insecure world of mobile apps, the potentially damaging effects on the UK user, how to mitigate these risks and what demographic is most vulnerable.

What does RiskIQ do?

We are the leader in digital threat management, giving organisations unified insight and control over web, social and mobile exposures. Our platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand attack surfaces, assess risk, and take action against digital threats.

What is the current security threat facing UK mobile app users?

RiskIQ has commissioned new research looking at how consumers acquire new mobile apps. The results show that over half exhibit behaviours that put them at risk of malware infection and loss of personal information.

>See also: The UK app economy: it’s big but is it secure?

– 45% click on ads promoting apps.
– 37% click on links in emails, mobile web, and social media promoting apps.
– 45% rarely or never check the app details before downloading.
– 60% rarely or never inspect the T&C’s or permissions being requested during app installation.
– 53% reuse passwords across mobile apps.

The survey is statistically significant, with over 1000 participants across the UK.

How can users mitigate the risk?

First of all by understanding that there are malicious apps lurking in the app stores and by being more vigilant when finding and installing new apps; make sure you’re been directed to an official store, inspect the details about the app including developer information, number of download and any reviews, be suspicious of apps requesting permissions that are not needed for the app to perform its function.

What are apps biggest security vulnerability?

The biggest risk to users is that they download a legitimate app that has been modified or a fake app pretending to be official.

>See also: Why mobile apps are becoming destructive additions

What can app developers do to ensure apps are secure?

Adopting secure development practices and thoroughly testing apps for security exposures is a good start, but once apps are released into an app store or stores they need to be monitored to make sure they don’t get propagated to other secondary app stores, that they are not tampered with and that malicious actors have not created apps pretending to be them or claiming affinity to their brand in order to get users to download them believing them to be official.

Who is at greatest risk and why?

Our research shows that the younger users (millennials and GenX) are more at risk then older users (download more apps, less likely to review before installing) and females are slightly more at risk than males (same reason).

What solutions does RiskIQ suggest?

These research results are useful to consumers to increase their awareness in the potential dangers of acquiring new mobile apps. They also highlight the importance for organisations to police their apps and brands across the app store ecosystem.

Our digital threats for mobile solution is used by many well known brands to ensure a safe mobile experience for their customers.

 

Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Security
Mobile Apps