Mobile AppSec Imperative for 2021
Posted by Brian Reed
As we prepare to enter 2021, mobile undoubtedly dominates all digital traffic and drives the global economy. As a result, mobile apps have also become a top target for attackers and a high-risk vector for users and organizations alike. However, investment in mobile app security hasn’t kept pace with the market changes. In fact, Gartner has warned, “Through 2022, mobile application security failures will be the biggest mobile threat for enterprises.”
Mobile-first organizations have delivered new, unique experiences to increase engagement and time spent in apps. This digital transformation has spawned entirely new organizations and disrupted traditional organizations that now rely on mobile apps to unlock new revenue streams, improve customer engagement and empower remote work at any time and anywhere. In order to succeed, companies must offer an innovative mobile app user experience combined with proper security and privacy protections.
The uptick of mobile apps has been dramatic! During 2020, time spent in mobile apps soared by 40% year over year, in part due to the pandemic, ultimately strengthening user preference for mobile apps permanently. Mobile apps have generated an outstanding economic impact in 2020, posting the highest-ever consumer spend in mobile app stores, up 25% YoY each quarter, with $23.4bn in Q1, $23.3bn in Q2, and $28bn in Q3.
Track the latest mobile app usage and breaches in the news curated by NowSecure here.
Mobile Apps Dominate Digital Time and Customer Engagement
Mobile minutes increased to 79% of total digital minutes in 2020 and mobile apps account for 88% of all time spent on mobile, according to Comscore. The typical mobile user has at least 60 mobile apps and enterprises collectively have anywhere from hundreds to tens of thousands of mobile apps installed on their employees’ devices. Mobile apps frequently dominate usage thanks to convenient instantaneous access and ease of use for specific tasks. In addition, mobile apps take advantage of sensors, geolocation and other features to deliver unique experiences.
Here are some highlights of the dramatic increase in mobile app downloads and session time:
- Global weekly downloads of organization apps skyrocketed 240% from 33.3 million in October 2019 to 80 million in April 2020.
- 91% of Americans regularly use mobile apps for food delivery, groceries and alcohol.
- Banking investment app sessions surged by 88%, stock market trading apps rose by 80%, payment apps nearly doubled at 49% and banking app sessions increased by 29%.
- Global weekly downloads of video conferencing apps soared 10X from 4.8 million to 52.1 million.
- Consumers made 31% of digital retail purchases via mobile apps in 2020 and also purchased more frequently.
- Use of mobile app notifications grew 31% year-over-year in 2020.
Mobile App Security & Privacy Risk Is Real
The dramatic growth in mobile apps and mobile users has attracted the attention of attackers, cybercriminals and nation-state threat actors seeking to exploit security and privacy vulnerabilities. In some instances, organizations are unaware of the inherent risks of mobile apps, while others choose to prioritize other security and risk efforts, which leaves their organizations in peril.
“Mobile application security has become a tangible problem for enterprises. While mobile device security has not been a major source of preoccupation and breaches, mobile application security failures are increasingly responsible for fraud and enterprise breaches. Often, these are public facing apps that may be the primary or only way an organization is able to interact with its customers or partners. Because they can run on any mobile device, these apps are built to run in a hostile environment, under the control of an attacker. Security and risk management (SRM) leaders must protect mobile applications to enable the organization to advance toward its digital transformation.”
Gartner: Avoid Mobile Application Security Pitfalls. DZumerle. Published 27 July 2020 – ID G00730988
Here are a few lowlights of mobile application security breaches from just this year alone:
- The Walgreens mobile app leaked personal prescription data in March.
- Transit apps were compromised to track military and government employees in March, in what was termed the “MalBus attack.”
- The mobile-only bank Dave leaked information about 3 million users in July.
- A Twitter for Android vulnerability allowed an attacker to access private Twitter data including direct messages for up to 10 million mobile users in August.
- 89% of Covid tracking apps leak data and 71% of 100 tested healthcare apps leak data.
- The mobile trading app Robinhood compromised data of 2,000 users in October.
Managing Mobile App Risk in 2021
Recognizing the inherent risks they have assumed in their mobilization efforts, forward-leaning organizations have already extended their enterprise risk management programs to include mobile app risk policy, governance and controls; but too many organizations have not. Organizations must factor regulatory fines, brand damage and revenue loss into the way they buy down the risk. A rigorous, consistent mobile application security and privacy testing and monitoring program can identify and minimize risks before they impact an organization’s assets and reputation.
Make sure that you are getting the most out of your security and privacy investments by investing in the areas that are most critical and introduce the most risk to your organization — mobile apps. The good news is that advances in mobile appsec technology make it significantly easier, faster and less expensive to secure mobile apps than traditional desktop and web apps.
NowSecure helps organizations effectively and efficiently manage their mobile enterprise risk across the apps they build and use. NowSecure provides a rich solutions portfolio including automated mobile app security and privacy testing tools, mobile risk monitoring with supply-chain mobile store app vetting, expert outsourced pen testing services, secure mobile development training and mobile security program development.
Contact us to learn more about how we can help you secure and manage your mobile risk in 2021.