Status of App (in)Security: A look at common risky behaviors in the top 400 iOS and Android Apps

Henry Dalziel | General Hacking Posts, Hacker Hotshots, Latest InfoSec News | September 11, 2013

We are always looking to expand the subject matter of our Hacker Hotshot web show series, and our upcoming “Status of App (in)Security: A look at common risky behaviors in the top 400 iOS and Android Apps” is an excellent example of our broadening scope. Since we have never had a mobile application presentation, we are particularly excited to invite Domingo Guerra to the show on Friday September 27th at 1200 EST.

The Mobile Malware Situation: 2013
It’s not pretty. Mobile malware in the Android ecosystem has increased a staggering 40 percent in the last several months according to a report by Trend Micro (August 2013). The report clearly demonstrates that malicious apps are increasing, notably on the Google Android operating system. Figures indicate a rise to over 700,000 from 500,000 in the first quarter of 2013.

(All images are from the Trend Micro report, available here). (PDF)

The report, which is certainly worth a read if you are interested in the subject, outlines five main categories regarding the security of mobile web applications. First, threats are increasing in sophistication and are able to successfully bypass security measures. Second, banking malware receives a special mention as it evolves into a regional threat. Third is the premise that social apps target a diverse range of platforms. Fourth, software vendors are now more actively involved in proactively combating the malware threat. Lastly, the report takes a look at the growing threat from the corporate point of view.

A brief overview: “Status of App (in)Security: A look at common risky behaviors in the top 400 iOS and Android Apps”
By reading the above, we should all be left in no doubt that as desktop usage declines, mobile usage increases, and so does the malware threat therein. The presentation is the result of exhaustive research by Appthority, the leader in App Risk Management, which analyzed over 2 million apps for its enterprise and government customers!

If you are a security professional then mobile pentesting (and security) should be high on your radar screen – and this presentation will greatly aid your knowledge! Also, if you are a CTO or CISO, then this is an important show for you to learn more about how to toughen your corporate mobile profile.

Here’s what to expect in this Hacker Hotshot web show:

  • An overview of the current status of the app ecosystem in terms of security and privacy.
  • An explanation of how security and privacy impact organizations due to BYOD and Bring Your Own Apps.
  • The presentation will outline the difference in risky app behaviors and trends seen between free vs paid apps, iOS vs Android apps, and games vs business apps.

About Domingo Guerra
Domingo Guerra is the President and a founding member of Appthority: the Authority in App Security.

Domingo has Product Design & Development experience as well as New Product Introduction & Operations experience across multiple industries. As a Mechanical Engineer for Applied Materials (Semiconductor Manufacturing Industry), he led design and development projects in the Robotics space, securing two patents and winning multiple design awards. With Program & Project Management roles at Brocade Communications (Datacenter Networking Industry), Domingo led large cross-functional matrix teams in the introduction of both hardware and software enterprise products.

About Appthority
Appthority is a San Francisco based startup that helps the enterprise identify and manage the inherent risks involved within mobile apps. The team have developed a cloud-based Appthority Platform which automatically identifies and categorizes risky mobile behavior in apps, including known and unknown malware. The platform also identifies risks associated with corporate data exfiltration and intellectual property exposure.

The Appthority Platform can also integrate with the enterprise’s existing mobile solutions by adding reputation and risk analysis capabilities to Enterprise Mobility Management (EMM), Mobile Device Management (MDM), Mobile App Management (MAM), Enterprise App Catalogs, and Enterprise Mobile App Developer’s Software Development Lifecycle (SDLC) process.

In summary
We are really looking forward to the talk. If you miss the presentation (September 27th) then please do still visit the page (link at the top of the page) since the show will be recorded and available for all without any registration. You might also be interested in a talk we had with Gary Warner titled: “Malware, Phishing: the Need for Intelligent Response” in which we also discussed the increasing mobile threat which seems to be targeting more Android than any other mobile OS.

As always, we greatly appreciate your feedback. Please leave a comment below or ask Domingo a question during the event through our live chat!

  • Ricardo

    You lump iOS mobile malware in with Android mobile malware.


    It’s like combining male breast cancer in with female breast cancer when doing an article on risks of breast cancer. You wouldn’t want people to come away feeling the risks are the same, would you?
