Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.
BitSight reviewed over 1,000 companies and 10,000 apps in the business services, finance, technology, education and media/entertainment sectors with apps on iOS and Google Play, to uncover which industries were most often faced with app security challenges. The apps were tested for known security vulnerabilities and issues, such as data leakage, privilege abuse, unencrypted personal information and credential theft.
Media and entertainment companies had the highest percentage of apps that failed high severity tests (over 50%!). Over 30% of education companies and 25% of finance companies offered risky mobile apps, which could place student data and financial information at risk of unauthorised access.
The most common vulnerability in business services and education apps that failed vulnerability testing was not encrypting end-user data (which includes your phone’s IP address). Over 10% of media/entertainment and education apps that failed were not encrypting end-users’ location data, and over 30% were not encrypting users’ device IDs.
On the other hand, Allot analysed the “threat landscape”, which has seen cybercrime become a global “industry”. Over four months, Allot collected data from four mobile operators in Europe and Israel, who protect over 7 million subscribers. During this period, they found 1.73 billion mobile protections were activated, an average of 2 protections activated per user per day! The most commonly blocked threats included adware (over 100 million activated protections) and cryptojacking (cryptomining malware), with almost 1 billion activated protections. A spike in cryptomining malware coincided with the increased interest in cryptocurrencies.
With the number of smartphone subscriptions now at 2.6 billion globally, cybercrime targeting our mobiles is only likely to increase. This evolving threat landscape requires both companies and users to employ adequate security measures to protect their technologies.