Boris Cipot, Senior Security Engineer At Synopsys Integrity Group Thoughts On Mobile Apps Safety And Red Flags Users

Rogue software posing as the original, legitimate piece of software with the intention of luring users to install it and therefore infect their computers is a common practice criminals use. With the most modern mobile devices, downloading and installing apps is essentially a 5-second act which makes the risk of installing malware even bigger if you’re not careful—once you’ve confirmed the install, it’s too late to change your mind.

The potential to use software and functionalities from millions of developers—and for free in many cases—is a widely accepted practice. With this there are also hidden dangers afoot. An attacker has access to many user interaction points. This can help them to promote malware to users. Since users often do not check details around what software is being used within the app and who created it, attackers have many opportunities to push their malware on user devices.

App stores make their best effort to promote software from developers, communities, and companies alike. Some have firm rules around software development principles and naming conventions (and more) minimising the likelihood of malicious actors’ ability to place rouge applications within app stores. However, not all stores enforce such stringent rules; thus, allowing an opening for attack.

One way to remain vigilant against attacks is to only use app stores with strict application development policies and reviews. Be observant and cautious with regard to what you install on your mobile devices. Before confirming installation, have a look to see where the app comes from, if there are reliable sources reviewing the app, and investigate the default permissions. For instance, if a flashlight app asks permission to access your contacts, this should raise red flags. In such a case, be safe and don’t confirm the install.―CT Bureau