Mobile apps are supposed to make life easier, but some might be doing more harm than good.
The surge in the popularity of mobile apps and advancements in technology that make it easier to create apps, has ushered in a new era of scams and fraudulent activity that target smartphone and tablet users.
“Consumers love apps and because so many consumers want apps, that’s where the bad guys are going,” says Lou Manousos, founder and CEO of mobile application security company RiskIQ. “Online fraud is shifting over to mobile app fraud.”
Scams Currently Hitting the Market
App fraud comes in many different forms, but the end goal is the same: to steal money or personal information from an unsuspecting app user.
According to Manousos, the scams aren’t always about malicious malware. For instance, consumers may unwittingly download an app that is specifically designed to look like a bank’s mobile banking app or a popular game, but it’s really a clone that can pilfer users’ contacts or send out a paid SMS text.
“Instead of reaching into your bank account, they are reaching into your pocket and stealing $1.50,” says Manousos. “Do that a million times and they are making some real money.”
In another scam, scammers are modifying existing apps and injecting a malicious code in to the app itself, explains Mark Wuergler, senior security researcher at security assessment and penetration company Immunity Inc. This type of scam is particularly worrisome because users are downloading an app from a trusted source and have no idea malicious code is being executed in the background, he says.
“A lot of the motivation behind injecting code into apps is identity theft or somehow financial. It could be something as simple as advertising.”
Apple says it vets apps before releasing them to consumers, but researchers at Georgia Tech found this doesn’t make apps safe as they were able sneak a malware-infested app into the tech titan’s app store.
“It is always dangerous any time you add something new to your device,” says Jason Glassberg, cofounder of security company Casaba. “Anytime you download anything to your phone there’s an element of risk.”
How to Reduce Your App Risk
Security risks will always be around with apps, but users can take some precautions to lower their risk exposure.
Glassberg says one of the most important things consumers can do is keep their apps and operating systems current. “Malicious apps take advantage of older versions of browsers or operating systems. When there is a flaw found the app releases an update right away. If you don’t update your phone you will be vulnerable.”
Because consumers can never be 100% sure an app is secure, Glassberg also recommends researching an app before purchasing it. If it’s fraudulent or doesn’t do what’s promised, chances are a quick web search will yield warnings and complaints. “People don’t hold back,” he says. “There are plenty of forums and informational websites.”
An app will disclose which features of a phone it needs to function. So if a game apps says it needs excess to a user’s contacts, that should be a major red flag, says Wuergler, noting that consumers should check the permissions before downloading any app.
At the end of the day, the only way mobile phone users can completely protect themselves is to use their device as a phone and nothing else. Since that is not realistic, experts say consumers have to apply common sense and be aware there’s a risk every time they download a new app.
“The phone controls everything about your life. It can open your car, arm your security system, do online banking and contact everyone you know,” says Wuergler. “It’s the optimal target for an attacker to gain access to you no matter what the motivation is.”