A new report from security company FireEye, based on analysis of over seven million mobile apps during 2014, reveals that mobile users are being targeted from a number of directions.
Risks on the Android platform include malicious apps that steal information once installed, legitimate apps written insecurely by developers, legitimate apps using insecure but aggressive ad libraries, malware and aggressive adware that pass Google Play checks and are assumed to be safe, identity theft, and premium-rate phone and SMS fraud.
Whilst malware on the iOS platform is still comparatively rare due to stricter app store review processes, there are other risks. The report identifies a new delivery channel for iOS malware that is able to bypass the Apple App Store review process. Attackers can take advantage of enterprise/ad-hoc provisioning to deliver malicious apps to end users, either through USB connections or over the air. FireEye researchers have uncovered more than 1,400 iOS apps publicly available on the internet, signed and distributed using enterprise provisioning profiles, that introduce security issues.
FireEye's director of technology Jason Steer, writing on the company's blog, says, "Apps are the future for online experiences to complete our jobs, shop, bank, use social media and many other purposes in modern daily life. Our mobile devices are also the most important piece of equipment we have today; they contain our diaries, contacts, emails, photos, videos, employer information and many other pieces of important and sensitive information. Yet our mobile devices still do not have sufficient security to ensure they, and the information they contain, are secure".
Apps are the main source of threat, which means consumers and enterprises need to understand their behavior and the risks they may present. Legitimate app stores work hard to identify harmful content, but Steer warns, "Third-party app stores, while providing app content not available elsewhere, provide a safe harbor for many more malicious apps to be available".
The full report is available to download from the FireEye website.