While people often think of software and apps as being the same thing, they are not. Even when you use a certain type of software on your computer and an app for the same program on your phone, from a security standpoint they are two very different things. In one sense, apps have the potential to offer a greater level of security, but in another sense, they also have the potential to be a significant security threat.
Issues With Application Security
One thing that both apps and software have in common is that at any given time, there are thousands of developers working on both. Another thing they have in common is that not everyone that designs them has the best interests of the end-user in mind. The same way that any number of "free" software programs you can download on the internet are just delivery systems for all kinds of malware, the same is true of apps. One of the primary problems with apps, in particular, is that users have a tendency to assume that if they download them from a trusted source it automatically makes the app trustworthy. In fact, it does not.
For instance, if a user were to visit the Microsoft website, they would have a legitimate reason to assume that any software they downloaded from that site would be safe and free from malware. If, on the other hand, they simply Googled the type of program they were looking for and found a free version of it on a random website, most users would consider the software to be suspect and not download it.
The problem with apps is that they all come from an app store. This makes users assume they can trust any app found in the store. Unfortunately, this is not the case. There is a reason that Apple products are much less susceptible to worms, viruses and other types of malware. Apple works far more closely with their developers and applies much more stringent quality controls than Google or Windows does. Conversely, they also take a larger portion of the profits as well.
The trade-off between Apple products and Google or Windows products is that there are far fewer options available for Apple products but what options there are tend to be safer, more stable and more secure. Unfortunately, just because you download an app directly from the Google Play store does not ensure that it will be malware-free. In fact, in 2017, security researchers at Trend Micro found more than 800 malware -infected apps on the Google Play store. While Apple products may be much less susceptible to being infected with malware, even they are not completely immune.
Security Risks Associated With Apps
Devices today are similar to a set of keys that users use to access all of their most sensitive data and accounts. If someone were able to take control of a device, it would also give them almost complete and unfettered access to all of the device owner's accounts. At one time, mobile devices were considered nearly impervious to hacking but that is quickly changing, particularly with the onslaught of app-based malware. Unlike software programs, almost every business on the planet will soon have its own app. Needless to say, a restaurant or car wash is not going to develop their own app, they are going to hire someone to do it and that is where the problem comes in.
The truth is, the company that hires a developer to design an app for them will have very little understanding of how the app actually works. They are not personally going to be able to comb through lines of code to find potential malicious threats. In addition, when a developer creates an app for a business, the developer generally owns and maintains the final product. This means that developers can actually create apps for businesses that collect data from users that they can turn around and sell for a profit. If the data collection is ever discovered, it is the business that will be left holding the negative PR bag, not the developer.
Bad News For BYOD Businesses
Most businesses can't afford to buy their employees the latest tablets, smartphones, and devices, yet that is generally what most employees want to use. Thankfully, most employees are more than happy to use their own devices for business purposes. This has become such a common practice that it even has its own acronym: BYOD (Bring Your Own Device). The downside to this, however, is that employees are free to download whatever they want on their own personal devices, including potential malware. The malware they download on their personal devices then has the potential to infect or attack business files or services as well.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.