The world today runs on smartphones. With accessibility going up and costs coming down, the smartphone market is thriving. When we factor in the advancements in technology that enable faster Internet access on smartphones, they become a very powerful medium to interact with people. Users are no longer happy with browser-based access to websites on their phones: They prefer specialized applications to get things done in a simpler and faster manner. This has led to the boom in the mobile apps development space.

Nowadays you have apps available for just about anything, including e-commerce, mobile wallets, banking, social, transportation and more. The high demand for apps has caused developers to churn them out at such a rapid pace that it has actually become difficult to keep track of the number of new programs being released each day. In the hurry to get apps to market, however, developers often overlook key security aspects that may leave apps vulnerable to breaches.

Securing Mobile Apps and Data

Take a look at the data to which these mobile apps have access on our phones. When installed, most ask for permission to access information such as location, contacts, messages, pictures, cameras, etc. We normally accept these terms and conditions with the assurance that apps are secure and our data will not be misused.

But what if these apps were hacked? It would leave critical personal and company data exposed. A recent survey found that 88 percent of corporate employees used personal devices to access official email, and 93 percent of enterprises have mobile devices connected to corporate networks. An Arxan study, the “State of Mobile App Security,” revealed that 97 percent of Android and 87 percent of iOS mobile apps have been hacked.

Watch the on-demand webinar: Shielding Mobile Apps From Fraud and Malware

There is no such thing as a free app. Developing mobile apps costs money, and that has to be recovered somehow. Even apps like games have access to information and can misuse personal data on your device.

Most mobile malware is hidden in application updates that get installed without much thought by the end users. Once they infect the device, they can access everything from calls, location data, cameras and even contacts. This makes it very important for enterprises to look into securing mobile apps and for organizations to put in place a comprehensive mobile security strategy to safeguard assets and intellectual property.

Today’s enterprises must be able to verify the security of their own in-house applications, while also enabling runtime risk detection, tamper resistance and enhanced control via white-listing or blacklisting outside applications. The big question is what enterprises can do to ward off these threats for malicious applications.

To Learn More

Watch the IBM on-demand webinar “Surviving the Mobile Phenomenon: Shielding Mobile Apps From Fraud and Malware” to hear mobile security experts discuss the current state of the mobile security market and threats facing the enterprise; share the four key imperatives that must be a part of a holistic mobile security strategy; and take a deep dive into the key imperative: safeguarding applications and data.

More from Endpoint

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and organizations should still devote efforts to patching zero days once a patch is released, there are characteristics of certain…

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…