Smartphones have given us instant access to a range of services from games and maps to taxi booking and banking through apps. With smartphone use increasing, app downloads are only set to increase at the same pace. But as the number of apps and smartphones grow they are becoming an attractive target for the criminal gangs behind PC scams who are looking to expand into mobile. For these gangs smartphones are attractive because they are tied into payment mechanisms such as premium SMS in ways that traditional PCs are not. Although the individual amounts may seem trivial, extracting £1 from a million users adds up.
Smartphones can be quite complex for some people to use and understand. The criminals know this and are looking to exploit it using social engineering attacks via SMS, Facebook and Twitter etc. to trick unsuspecting users into downloading apps from untrusted sources outside of the official app stores. Recent research from North Carolina State University found that 86% of Android malware was repackaged legitimate apps. This is because it's reasonably easy to download and modify legitimate apps by adding rogue code into them. Criminals can then relist them on unregulated app stores or promote them directly via social media, sharing money and leaking data to hackers.
As the scammers have moved "off market" they have altered their tactics. For example, there are a number of rogue apps that make dubious claims about being able to conserve your battery, that entice user to sign up to a premium SMS service for little or no improvement to their battery life. The scammers are using banner ads, or push notifications, within legitimate apps that have been deliberately designed to make them appear like genuine system updates, fooling unsuspecting users into downloading them.
The reality is that although many of us are concerned about our data being kept secure, we often ignore the 'annoying' requests for permissions which can give access to personal data when trying out a hot new app, particularly if it's free. But should it be down to the individual to ensure they're protecting themselves from these threats? When we asked, most people expected their mobile operator to keep their personal data secure. Threats are becoming increasingly sophisticated and while we all have a role to play in making sensible decisions to protect ourselves, operators have the tools to protect mobile users from threats that can compromise their personal data, location and financial details, like rogue apps. Users should look to them to provide bespoke security and education on how to protect themselves from the ever-changing threats.