According to new research, 92% of the top 100 Apple iOS (iPhone) apps have been hacked and repackaged. The figures for Android are at 100%. The caveat, though, is that this applies to apps downloaded from third-party sites. In other words, not Apple’s App Store and not Google’s Google Play. Long story short: if you’re considering BYOD security, you must educate users (and possibly look for whitelisting tools).
If you read the research paper, “State of Security in the App Economy: Mobile Apps under Attack” (available here), these are some of the key findings:
92% of the top 100 Apple iOS (iPhone) paid apps and 100% of the top 100 Android paid apps have been hacked and repackaged.
Free apps have been hacked as well: 40% for iOS, 80% for Android (based on 15 apps that showed up for Apple and Android’s platforms).
All app categories have been hacked, which include reverse-engineering and code-tampering.
Traditional approaches to security do not protect against these new hacks.
The paper notes that app revenues are project to grow to $60 billion by 2016, with mobile payments to exceed $1 trillion. With such figures in hand, it’s understandable (from a purely financial sense) why hackers would want to get a sliver of that economic pie.
Bring Your Own Device Security
In an era where the ubiquity of mobile devices is kick-starting the BYOD trend, the use of mobile data security solution becomes paramount for the same reasons that full disk encryption was important for the security of laptop computers: ensuring that sensitive data is not accessed by unauthorized people.
And, just like in the previous mobile computing era — if we can call it that — we see that proper security will require not just technological approaches (FDE, mobile device security, app whitelisting, device encryption, etc.) but also “soft” solutions like employee education, acceptable use policies, and other “common sense” approaches.
Related Articles and Sites: