Security Breach: How Mobile Apps Can Threaten Your Private Information
Your smartphone might not be as secure as you think, even if you lock your phone and have a mobile security app.
June 1, 2017
Risking Your Privacy: The Truth About Mobile Security Apps
Have you ever worried about the security of the apps on your smartphone? If you have, you're not alone. If you haven't, either you feel you have a mobile security app that you believe can protect your data or it never occurred to you that your device can be compromised by malware or other cyber criminal activity.
There are two important truths that all mobile users need to face about smartphone security. The first is that your device - no matter its make, model, design or OS platform - can be infected by viruses, malware and other threats that can put your private information at risk. The second is that many mobile security apps are not as effective as you might think.
Security threats in app stores
Don't assume that every application in an app store is secure. In fact, according to an Arxan study, most applications contain significant vulnerabilities. What's more, the vast majority of apps have vulnerabilities that fall under two or more of the OWASP (Open Web Application Security Project) Top 10 Mobile Risks. This list includes risks such as Improper Platform Usage, Insecure Data Storage, Insecure Authentication, etc.
That being said, on the whole, Apple's App Store typically has a better security track record than Android's Google Play. The reason is that the App Store has basic levels of security and enables users to determine how much access each app they download has to their personal information. For instance, if you were to download Apple's HealthKit, you would be able to determine which of the apps in the kit are permitted to access your personal health information.
On the other hand, Android tends to carry a higher security risk than Apple, mainly because Android's requirements are more lax. According to the co-author of the Android Hacker's Handbook, Zach Lanier, Android users can unwittingly put themselves at risk by checking a box in their Google Play security settings that allows apps from "Unknown Sources". This is an easy way to open up your phone to all sorts of problems.
That being said, both paid and free apps on all operating systems have had their fair share of security breaches. Research from Arxan found that 56% of the top 100 paid apps and 53% of popular free apps on iOS have been hacked, while 100% of the top 100 paid apps and 73% of the most popular apps on Android have been hacked. Not a comforting thought.
Not all anti-virus and malware apps are created equal
Think you've found the best mobile security app in the App Store or Google Play because the app has high download numbers and an overall good user rating? Think again. According to the Austria-based independent testing lab Anti-Virus Comparative, even highly rated security apps in the Google Play store failed to offer users basic protection against common threats.
This was learned after Anti-Virus Comparative conducted a large-scale evaluation of security apps that were available in Google Play's tools section. Nearly all of the 100 apps that were tested had user ratings higher than 4 stars, and many also had high download numbers. Yet, when tested, the anti-malware effectiveness of many of these highly rated applications proved to be lacking.
In one of the company's blogs, Anti-Virus Comparative CEO Andreas Clementi said that "This test shows clearly that when it comes to security, users cannot rely on numbers of downloads or user ratings to determine how effective an app is."
The lab tested the 100 top-rated apps against 1,000 pieces of Android malware that were present in 2016. According to the independent testing lab, the best apps should be able to achieve 100% detection rates. Those that scored less than 30% on common Android threats are considered by the lab "to be unsafe and completely unacceptable." Only 24 of the 100 apps tested scored a 100% success rate. These included WhiteArmor, McAfee, One App, Psafe, Quick Heal, Trend Micro, Total Defense, Tencent, Avast, AVG, etc.
What can you do to protect yourself?
Here are some quick app security tips that you can put into practice:
Only download apps from a developer you trust
Never download apps from "Unknown Sources"
Investigate the developer's credibility
Ensure the apps on your phone are always up to date with the latest bug fixes
Keep your device's operating system up to date
Back up your data
Turn off your Wi-Fi and Bluetooth when not in use