Almost half do not scrutinise app details, 60 per cent rarely review permissions being requested before download
With 3.8 million cyber-crime offences reported in the UK last year, cyber criminals are capitalising on consumers’ poor security awareness. Despite the prevalence of malvertising as an attack vector, RiskIQ’s survey found that 45 per cent have clicked on an advertisement promoting a mobile app, movie or game. This is followed by over a third (37 per cent) who have clicked on a link in an email, website or social media feed to download an app, movie or game. Consumers’ propensity to click through without thoroughly inspecting details such as the developer, last version update and any reviews, increases their risk of downloading counterfeit or malicious apps. Alarmingly, on more than one occasion, one in ten (12 per cent) have mistakenly installed an app in the belief that it originated from a trusted source later to find out this was not the case.
Colin Verrall, VP EMEA, RiskIQ comments, “Unlike businesses that are becoming increasingly mobile security savvy, many consumers remain unaware and vulnerable. Given the volume of personal information being requested and shared through mobile applications, the need for better mobile security awareness has never been greater.”
Generational and gender differences in mobile app and security behaviours are also apparent:
Generational differences – Millennials more vulnerable
- Millennials are guilty of clicking before thinking, 14 per cent have mistakenly installed an app they believed was from a trusted brand. In comparison, seniors (60+) have never or rarely done so
- 13 per cent of millennials have jailbroken their phones, citing the freedom to download and install what they want as the biggest factor (73 per cent). Almost none of the seniors had done so, while 10 percent of Gen Xers and 3 per cent of baby boomers have
- Over half of millennials (56 per cent) have clicked on an ad on their mobile promoting a mobile app, movie or game compared to 51 per cent of Gen Xers, 38 per cent of baby boomers and 25 per cent of seniors
Women at greater risk
- Women are less likely to install additional security software on their mobile phones (39 per cent) compared to more than half of male respondents (53 per cent)
- Women (28 per cent) are less likely to consider security features when buying a new phone versus 39 per cent of men
“The vastness of the app store ecosystem provides the perfect place for malicious actors to hide, luring consumers into believing their apps are official or their brand affiliation is legitimate. RiskIQ works with many major organisations to police their apps and brands across hundreds of different app stores but it’s no replacement for consumer vigilance. With the number of blacklisted apps** doubling between 2015 and 2016, it’s time for consumers to up their ‘security awareness’ game”, concludes Verrall.
 Office of National Statistics, Crime Survey of England and Wales, July to June 2016
Notes to editor
* The Mobile Apps survey, conducted by Ginger Comms on behalf of RiskIQ in March 2017, sourced answers from 1,016 nationally representative UK adults aged 18 and above.
** RiskIQ research on mobile apps affiliated with top UK brands across 150 different app stores.
RiskIQ is a cybersecurity company that helps organizations discover and protect their external-facing known, unknown, and third-party web, mobile, and social assets. The company’s External Threat Management platform combines a worldwide proxy and sensor network with synthetic clients that emulate users to monitor, detect, and take actions against threats. RiskIQ is used by thousands of security analysts including many from the Fortune 500 and leading financial institutions to protect their digital assets, users, and customers from external security threats. The company is headquartered in San Francisco, California, and backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures. Information security professionals can sign up for a fully functioning trial version of PassiveTotal for free by visiting www.riskiq.com/whats-new-passivetotal.
To learn more about RiskIQ, visit www.riskiq.com.
0203 861 3901