Mobile apps that handle confidential user information should run in a trusted environment — and we’re talking about more than just banking apps. Aside from money, cybercriminals also seek out loyalty program points, discount cards, cryptocurrency wallets, and more.
The creators of such apps can never know how protected a user’s device is or how prepared any users are for cyberthreats. Instead of simply hoping your customers use mobile security solutions, you can proactively equip your development with additional user-protection technologies. Here are our top 5 reasons to do so.
1. Malicious software
An ever-present threat, malware may come from whatever source the user uses to install apps on their phone or tablet. Even using official app stores is no guarantee of safety.
Attackers have become especially inventive in recent years, and modern spyware includes a range of advanced features. Depending on the variety, malware can intercept app notifications, text messages, PIN codes, and screen-lock patterns; steal 2FA codes for Google Authenticator and the like; and share what is happening on the victim’s screen in real time.
Malware capable of overlaying app windows with its own warrants a separate mention. Such programs can, for example, copy the interface of your solution and add fake login fields for stealing credentials.
2. Unknown Wi-Fi networks
You cannot know which networks app users will connect to. Just about every café and mode of transportation now offers its own Wi-Fi network to all and sundry, and anyone on the same network can try to intercept the data exchange between your app and the server, thus gaining access to the customer’s account. In some cases, cybercriminals set up their own wireless networks and deliberately leave them open to lure in users.
3. Remote access tools
An entire class of programs exists for the purpose of gaining complete control over users’ devices. RATs, or Remote Access Tools, are not necessarily malware (although some are) and may be included with legitimate apps. The access they provide can give cybercriminals remote access to the device, however, including the ability to change security settings, read any information on a device, and even use any app — including yours.
4. Browser vulnerabilities
In many cases, mobile apps are based on elements of a regular Web browser, plus or minus various functions. With browser engine vulnerabilities found regularly, mobile app developers periodically need to update their solutions. In the space between a vulnerability’s discovery and its fix, however, cybercriminals can try to attack through browser vulnerabilities in your app.
Cybercriminals include phishers, who send links to malicious sites by e-mail, messaging apps, and text messages. Of course, attackers can try to copy the website of any company, but if they happen to target your users, luring them to a website that looks like yours or sending messages that appear to come from your company, yours is the reputation that can get stained.
Why user protection is in your interest — and how to ensure it
Formally, the threats we’ve listed hurt end users, not the companies that provide apps — at least, directly. Dig just a bit deeper and application operator losses become very clear. After all, the more cyberincidents, the greater the load on technical support; and in complicated scenarios, cases can end up in court, where even if you are not guilty or culpable, defending yourself will nonetheless require significant amounts of money. In addition, even if you prove your case, you are likely to lose a client, or worse: In this age of social media, news of even one incident can spread quickly and cause serious damage to a company’s reputation. Playing it safe and ensuring protection of your customers in advance makes good sense.
Our arsenal includes Kaspersky Mobile Security SDK, for adding security features to any mobile app, an antivirus engine, and technologies with access to Kaspersky cloud services for real-time information about the reputation of files, Web pages, and public Wi-Fi networks. You can learn more about Kaspersky Mobile Security SDK on the solution's dedicated page.