Three trends have emerged during the last year or so that make reliable mobile app security impossible to ignore.
So, if you have a mobile app that’s vital to your growth strategy, read on.
We’ll explain what’s at stake and what you can do about it.
Mobile apps for everything, everywhere
According to App Annie, mobile adoption grew in 2020 at a rate you’d typically expect in a 2-3 year period. Covid-19 played a key role of course - more on this later - but it’s still a striking statistic.
And we’re not only talking about Millenials or Gen Z app users here. Baby Boomers have been increasing their usage, too. The type of app might be different - think Nextdoor rather than TikTok - but eyes have been glued to smartphone screens regardless of the user’s age.
This is the first of our 3 trends. An insatiable appetite for mobile apps that shows no signs of slowing. Indeed, when you consider that the more remote world that Covid-19 has created is likely to be a permanent rather than temporary feature of our lives, the collective demand for apps is only going to increase. Especially when you see how well this desire aligns with other trends that were already in motion such as the internet of things.
But it isn’t only consumers who are becoming reliant on mobile apps. And this brings us to trend number two - the increasing importance of apps to business success.
When a mobile app is the whole business
Companies have seen how much we love using mobile apps and have decided we might like to carry out even more of our daily activities there. So now it’s perfectly normal to bank via apps. We have virtual doctor’s appointments on them. And we get notifications from our favourite stores when we’re nearby so they can tell us about a relevant offer.
This enables us to better manage our increasingly hectic lives with a few simple swipes of our fingertips. But a lingering doubt remains. Are businesses and end users alike still feeling their way into their more digital relationship?
Mobile banks are a perfect example of this uneasy shift. In the past, people had a more personal relationship with their bank. Their loyalty might have been based on years of reliable service or even in-person conversations with a trusted bank manager. For the modern day mobile bank it’s a very different dynamic. Not least because the human face has been replaced by an interface.
And that means the more traditional ways a company would build trust simply aren’t there anymore. The mobile bank’s entire success depends on the app itself. Specifically, how secure it is against sophisticated cyber attacks.
Most mobile banks are relatively small, scaleup companies. Some of them are barely breaking even. In other words, they’re not the established, super-profitable and powerful banks of old that boasted deep roots across society. If a mobile bank were to suffer a security breach, they’d be very much alone.
This only adds to the sense that the end result of such a breach would likely be catastrophic to their future growth.
Yet despite the risk, studies have shown that mobile banking apps are still highly vulnerable to attacks. One such study from 2020 highlighted that most mobile banking apps weren’t hardened robustly enough. They had little protection against malicious code injection and repackaging, and they had neither protection against decompilation nor name obfuscation for methods and classes.
If you imagine a mobile banking app as a house, this is akin to you leaving your windows open while you’re away for the weekend.
To some passersby with bad intentions, that’s far too good an opportunity to miss.
The evolution of the hacker
Speaking of bad intentions, enter the hacker from stage left. The evolution of the cybercriminal during the coronavirus pandemic is the third of our converging trends.
We mentioned earlier that the increase in mobile app usage in the past year is linked to Covid-19. Well, it’s safe to say the pandemic has secured our phone’s role as a kind of second brain. Not only has it fulfilled our need to find answers about the pandemic, but also our desire to escape it.
Hackers understood this pretty early on. If the mobile phone was where we were spending our time, that’s where they’d be.
If we were seeking the advice of authorities, then they’d use social engineering tactics to imitate those authorities.
And so a flood of messages began pinging on our phones. Cybercriminals pretending to be our bank, our energy supplier, or even a healthcare authority offering Covid-19 tests and vaccinations. The aim of these messages was to get us to click on a link laced with malware.
Sadly, a lot of people did just that. According to a Deloitte study, almost half of us fell for a phishing scam while working from home during the pandemic.
But threats are everywhere - not only inside the home. When societies tentatively opened up again in late summer of 2020, the mobile somehow became even more central to our lives. Before we knew it we were scanning QR codes and downloading apps that enabled us to order in bars and restaurants. In other words, there were even more opportunities for an uninvited guest to slip through the net.
The healthcare industry began to be targeted, too. This is yet another example of cybercriminals being skilled at spotting vulnerabilities and taking advantage of them. In this case a sector overwhelmed and too busy fighting fires to invest in cybersecurity.
What you can do to counter the threat
Combined, these three trends should set the scene for any business with a critical mobile application.
This is the landscape that you’re operating in. This is what’s at stake.
Your customers will assume that your app is safe to use. If it isn’t and you suffer a breach, then any trust they did have in you would vanish overnight.
But while we feel it’s vital you understand the risks your app is up against, it is possible to take actions to keep them at bay. The key is to accept that it’s a wild world out there and then take the appropriate steps.
Regulations are now commonplace - particularly in the financial industry - that encourage developers of applications to apply robust protection to prevent cyber attacks.
And this is the most important step you can take. Mobile app protection can secure your application against static and dynamic analysis. It can prevent tampering. It can check for signs of rooting, jailbreaking, hooking and debugging. And it can help to stop man-in-the-middle attacks.
But mobile app protection is just one natural conclusion that comes from thinking about security from the beginning of the development process and using security by design principles. When we speak with companies who are starting to think about security for their app, this is what we tell them to do.
We also tell them to create a sturdy risk model. This involves putting yourself in your end user’s shoes. It even means imagining yourself as the hacker so you can spot security vulnerabilities they might target.
In other words, security is often about having empathy.
There’s a reason why people have embraced mobile apps so readily. You just have to make sure that your end users can continue to do so safely.
Get your security right and you’re all set to build your reputation and grow your business.
Find out about DexProtector, our mobile app security solution. It secures the dark spaces between your app and the OS in order to stop sophisticated attacks.