Advertisment

Given the widespread use of smartphones, ensuring their security is crucial

Mobile apps are a weak link as they lack adequate protections, enabling hackers to obtain critical information used in back-end attacks.

author-image
Ayushi Singh
New Update
Tom Tovar CEO and Co founder Appdome

Mobile apps are a weak link as they often do not have adequate protections, enabling hackers to obtain critical information used in back-end attacks. Additionally, mobile apps themselves are often the targets of malware. 

Advertisment

The COVID-19 has disrupted daily life and emerged as one of the greatest health and economic difficulties in the world. Lock-downs were implemented by the majority of nations to stop the spread of coronavirus disease which altered our way of life.

The best methods for prevention at both individual and community levels are generally acknowledged to be those that involve staying at home and working from home. As a result of which the usage of of smartphones and increased immensely over the past few years and with excess usage of mobile apps there has been a hike in ransomware attacks also. One of the most common ways of ransomware attacks includes cybercriminals using various techniques to hack a victim's data and demand a ransom in exchange for not publishing or destroying it.

In today's world where mobile phones contribute to maximum online traffic, measures and practices implemented to protect mobile applications from unauthorized access, data breaches, and other security threats are necessary. Given the widespread use of smartphones and the sensitive information often stored or processed by mobile apps, ensuring their security is crucial.

Advertisment

Mobile apps are a weak link as they often do not have adequate protections, enabling hackers to obtain critical information used in back-end attacks. Additionally, mobile apps themselves are often the targets of malware. 

Mr. Tom Tovar, CEO and Co-founder at Appdome, a company that enables mobile app makers to add mobile malware prevention into their apps and the software development process directly shared his views on the same with VoicenData and discussed how Appdome helps prevent ransomware from attacking mobile apps. Have a look:

V&D- How does Appdome help prevent ransomware from attacking mobile apps?

Advertisment

Tom Tovar- Typically, ransomware attacks take place over an extended period and involve cybercriminals using various techniques to capture a victim's data and demand a ransom in exchange for not publishing or destroying it. To maximize the effect of their ransomware and increase their ROI, attackers use multiple attack vectors and methods, including exploiting mobile applications as a weak link to obtain server addresses, API keys and secrets, to obtain or forge SSL certificates, and to harvest other valuable information from the mobile app. Protecting mobile apps against data harvesting is one way to make it harder for ransomware hackers to launch successful attacks. Additionally, attackers may weaponize an app by creating a fake, clone, mod or (modified version) of a legitimate app with malware embedded into it and distributing it via app stores. To prevent this, Appdome protects apps against code injection, memory injection, tampering, repackaging and unauthorized redistribution via app stores. Attackers also use reverse engineering techniques to perform extensive research on a mobile app to find weak points to exploit, such as weak or no encryption, passwords in clear text, and hard-coded data stored inside the app. Finally, attackers use various methods and attacks to trick consumers into performing actions inadvertently, including AccessibilityService abuse, permission escalations, and overlay attacks. An Appdome-protected app can detect and protect against these attacks, safeguarding the end-user from malware and protecting the end user and the business against ransomware attacks.

V&D-What is Appdome’s approach to combining mobile app security and fraud prevention?

Tom Tovar- According to the Global Consumer Expectations of Mobile App Security survey, consumers do not make a distinction between mobile app security and fraud prevention. The survey found that 70.4% of consumers expect mobile apps to have anti-fraud and anti-malware protection in addition to login screen and data protection. Moreover, 62% of consumers consider both features and security equally important in their mobile experiences, while approximately 24% prioritize protection against on-device security threats, fraud, and malware over features. Indian brands in the banking, fintech, retail, travel, mhealth, and mobile gaming industries can achieve mobile app security, fraud prevention, and malware prevention through Appdome, which offers instant integration into their DevOps workflows without requiring coding or an SDK.

Advertisment

V&D-What are Appdome’s further Plans in India in terms of opportunities and challenges?

Tom Tovar-India and South Asia are currently experiencing the highest growth rate in the global digital economy. According to statistics, mobile accounts for 80% of online traffic in India, and 5% of the world's app downloads come from India. Furthermore, the revenue from mobile apps is predicted to rise from $2.7B USD in 2022 to $4.8B USD in 2027.

Mobile apps have become an essential tool for consumers globally, especially in financial transactions. However, consumers demand more protection in their mobile app experiences, according to Appdome's Global Consumer Expectations on Mobile App Security survey. Brands have invested heavily in automating the development and release of new versions of their apps, but mobile app security still takes a back seat to new features. Consumer feedback has made it clear that security is as important as new features.

Advertisment

Appdome, the only cyber defense automation platform that links to DevOps systems, simplifies the integration of security features directly into the mobile app development process, enabling app makers to enhance their app's security efficiently.

Indian banks, fintech, and other brands have expressed growing interest in developing superapps with transaction functionality. That's why Appdome is focusing on investing in South Asia.

V&D-Why should mobile security be a priority for DevSecOps?

Advertisment

Tom Tovar- Appdome allows Cyber and Dev teams to easily incorporate security measures earlier in the development process. DevOps teams have invested heavily in automating their mobile app build and release processes with tools like Jenkins, Azure DevOps, CircleCI, Bitrise, Github, and Gitlab. Developers prioritize Rapid and Agile releases, and integrating security measures into their existing DevOps workflows is crucial. To remain relevant in the DevSecOps world, Cyber teams must adopt best practices used by developers to build mobile app security. This involves triggering a security build using a simple API call within their existing workflow, allowing them to version their security model and react to ever-changing threats. The use of automation by attackers to target mobile apps makes it essential for brands to stay ahead by building security directly into their DevOps workflows and incorporating Appdome into their CI/CD pipeline.

V&D-Does Appdome also profile risk across the user session?

Tom Tovar-Appdome's Mobile Cyber Defense Automation platform empowers developers to incorporate over 150 security features into their app, guaranteeing comprehensive protection at all times. Additionally, with Appdome's ThreatScope Mobile XDR, cybersecurity teams can seamlessly integrate telemetry into mobile apps for continuous monitoring and swift threat detection. This real-time, continuous protection ensures the app remains safeguarded throughout user sessions.

Advertisment

V&D-Does Appdome allow mobile apps to identify the exact moment a user begins exhibiting malicious behavior?

Tom Tovar-As we mentioned, Appdome's ThreatScope Mobile XDR empowers cybersecurity teams by integrating telemetry directly into mobile applications, allowing for constant monitoring and prompt detection of threats and attacks. This uninterrupted and real-time protection guarantees the app's security throughout user sessions.

V&D-With so many fraud attacks and methodologies on the rise across the globe what are the ways in which one can recognize an attack and are there any basic fraud precautions you would suggest?

Tom Tovar-Regrettably, mobile users have limited options to safeguard themselves from modern attacks. The reality is that both mobile users and the cybersecurity teams responsible for their protection find themselves at a disadvantage, outmatched and overwhelmed by cybercriminals. These malicious actors possess exceptional organization, motivation, skill, and access to potent automation tools, readily obtainable in the market. This combination grants them the capability, strength, velocity, and dexterity to execute targeted attacks. The sole means of mounting a counteroffensive is through automation. Cyber defense automation offers benefits such as real-time threat detection, improved incident response, enhanced accuracy and consistency, increased scalability and coverage, time and cost savings, and proactive threat hunting. These advantages contribute to a stronger and more effective cybersecurity posture for organizations.

V&D-Does Appdome also contribute towards the identification of any tools in use that are typically associated with fraud?

Tom Tovar-Our dedicated cyber-research team consists of highly skilled security researchers who continuously monitor and remain up-to-date with the latest threats and tools employed by hackers. They actively engage in hacker forums and discussion groups to gather insights. Leveraging this knowledge, we identify new and emerging threats and swiftly integrate corresponding defenses into our SaaS platform. This ensures that every customer can promptly deploy the protection to their mobile apps through our cyber defense automation platform.

V&D-Please provide an overview of Appdome and its growth.

Tom Tovar-Appdome provides an automated solution for protecting the security of mobile apps. The Mobile Cyber Defense Automation platform of Appdome is a no-code solution that integrates with the CI/CD pipeline and allows businesses to add various security features like mobile fraud prevention, mobile malware prevention, and mobile app security to their Android or iOS apps, irrespective of the app framework. Appdome does not require any changes to the app, SDK, or manual coding, and building protections is instant. With Appdome, cyber teams can manage and control the security of their mobile apps with full visibility, and developers do not have to alter the app development process. Currently, there are over 1 billion Appdome-protected apps installed globally, and Appdome protections prevent an average of 43 million attacks and threats every month.

Advertisment