Poor security awareness and an insatiable demand for mobile apps are placing US consumers’ identities and devices at risk.
A new nationwide survey commissioned by RiskIQ of 1 000 people across the country[1] reveals over one third (36%) of respondents do not consider an app’s details while nearly half (47%) never or only occasionally review the privacy policy and permissions requested by the app before downloading.
Such a carefree approach to mobile apps is leaving US consumers vulnerable to cyber criminals seeking to infect the mobile devices and steal information from unsuspecting victims.
In 2015, 45% of all transactions originated from the mobile channel while 61% of fraud attempts were made from a mobile device.
Despite the prevalence of malvertising as an attack vector, RiskIQ’s survey found that 66% of respondents have clicked on an advertisement promoting a mobile app, movie or game. This is followed by nearly two-thirds (60%) who have clicked on a link in an email, website or social media feed to download an app, movie or game.
Consumers’ propensity to click through without thoroughly inspecting details such as the developer, last version update and any reviews, increases their risk of downloading counterfeit or malicious apps. Alarmingly, on more than one occasion, over one quarter (28%) have mistakenly installed an app in the belief that it originated from a trusted source, later to find out this was not the case.
Scott Gordon, chief marketing officer at RiskIQ, comments: “Not a day goes by without the news of yet another cyber attack or the emergence of a new threat vector. Unlike businesses that have become increasingly cyber security savvy, many consumers remain vulnerable in an ever sophisticated threat landscape. With the volume of personal information being requested and shared through mobile applications, it is time for consumers to improve their online behavior and step up security awareness.”
Generational and gender differences in mobile app and security behaviors are also apparent:
* Millennials are guilty of clicking before thinking, 37% have mistakenly installed an app they believed was from a trusted brand. In comparison, only 11% of seniors (60+) done so.
* 29% of millennials and Gen Xers have jailbroken their phones, citing the freedom to download and install what they want as the biggest factor (68%). Almost none of the seniors had done so, while 7% of baby boomers have.
* Four out of five millennials (81 percent) have clicked on an ad on their mobile promoting a mobile app, movie or game compared to 76% of Gen Xers, 54% of baby boomers and 32% of seniors.
* Over half of millennials and Gen Xers considered security when buying a new phone (56%) compared to 44% of baby boomers and 38% of seniors.
* A sixth of women (16%) never read a mobile app’s data and privacy policy or reviewed permissions requested compared to 9% of men.
* Women are less likely to install additional security software on their mobile phones (46%) compared to more than half of male respondents (62%).
* Women (41%) are less likely to consider security features when buying a new phone versus 64% of men.
“The vastness of the app store ecosystem provides the perfect place for malicious actors to hide, luring consumers into believing their apps are official or their brand affiliation is legitimate. With 4,6% of all apps in RiskIQ’s database blacklisted[2], consumers need to be educated about safe app and security behavior and put these measures into practice. Otherwise, there is a real risk of them falling victim to cybercrime,” says Brandon Dixon Dixon, vice-president of product at RiskIQ.