April 8, 2020
Be Wary of App Security Risks in the Era of Social Distancing
Kiran Karri contributed to this blog
Mobile apps can deliver a sense of normalcy in these uncertain times. From delivery services like DoorDash and Instacart to rideshare services like Uber and Lyft or money transfer services like Venmo and PayPal, each of these apps enables our community to continue to function. Importantly each has a digital payment component, and each has security controls.
Likewise, most major healthcare brands, insurance providers and financial services offer a mobile app with digital payments and security controls. But now many smaller brands may be looking for new ways to remain engaged with their users, consumers and clients. Mobile apps represent one way to remain efficient and productive, even as we stay safer at home.
For businesses rushing to stand up new mobile apps, or to integrate digital payments into existing apps, it is important to realize the risk they present to their organization and consumers if they don’t embed effective security controls. Adversaries are looking for vulnerabilities to exploit in order to steal valuable information, such as usernames and passwords, account verification details, personal information, and financial information. This information can be used to commit financial fraud, and identity theft in addition to account takeover that enables a pivot into additional attacks. Any one of these attacks can erode user trust, at a time when trust is one of our most valuable commodities.
Cyberattackers targeting mobile apps are changing the behavior of the app through sophisticated malware, screen overlay attacks, device rooting and reverse engineering techniques. App developers may be implementing basic security techniques, such as app hardening to protect their code from being reverse engineered, or encryption to protect data at rest and in transit. These techniques are also referred to as ‘inside-out’ protection and do not fully protect users from the entire spectrum of mobile risk. A comprehensive end-to-end mobile application protection is needed to protect sensitive customer data from being compromised.
The solution must include continuous protection from threats, including malicious apps, banking trojans, advanced non-persistent device attacks, screen overlays attacks, fake keyboards, and network attacks. Threat detection needs to be paired with remediation capabilities so that after a threat is detected it can be corrected. For example, threat detection may identify a trojan or a bot attempting to access its app, and remediation will enable that connection to be terminated and for the consumer to be alerted.
Lookout App Defense provides comprehensive in-app protection with a security architecture that combines the best of cloud-based and on-device detection and is specifically optimized for the mobile environment. This approach delivers the most secure threat detection, the fastest time-to-protection, and has a lower impact on device performance compared to approaches that depend solely on device-based analysis.
App developers can easily add the Lookout App Defense SDK library during the app development process with in-app protection, enabling the app to leverage the power of threat data from the Lookout Security Cloud to protect individuals and organizations from data compromise when conducting even the most sensitive transactions.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization