With an exponential increase in third-party app store user downloads on the horizon, heeding Apple’s sideloading warnings is more important than ever.
The National Telecommunications and Information Administration’s recently published report “Competition in the Mobile Application Ecosystem” calls for Apple and Google to allow people to download apps outside of their official app stores. The goal is “open[ing] the app ecosystem to greater competition, innovation and potential benefits for users and developers,” with the report claiming that the market is “not a level playing field, which is harmful to developers and consumers.”
The EU’s recent Digital Markets Act, which becomes applicable in May 2023, will also require gatekeepers such as mobile platforms to allow end users to download apps from alternative app stores rather than only, for example, Google Play or the Apple App Store.
These recent developments may be a win for developers and consumer choice alike. However, brands also need to be aware that these developments will likely increase the prevalence of unauthorized, if not malicious, mobile apps impersonating those of trusted brands.
Sideloading is the download and installation of apps from alternative app marketplaces other than a platform’s official app store. Apple’s iOS 17 will likely launch in September 2023, and it’s been reported that iOS 17 will support sideloading, at least in Europe. While the tech companies themselves seem to be complying, the concerns they have communicated for years over marketplace security are more relevant than ever.
Many developers like the idea that they may soon be able to distribute their iOS apps without having to pay 15-30% of their annual sales to Apple. Fraudsters are also likely salivating knowing that increased consumer comfort with downloading apps from third-party marketplaces means they will have expanded their hunting grounds for tricking people into downloading fake mobile apps.
It remains to be seen what level of scrutiny third-party app marketplaces will apply to mobile apps submitted for publishing on their platforms. At Allure Security we regularly find unauthorized or potentially malicious mobile apps published on alternative app stores.
The fact of the matter is, things are going to get worse before they start to get better.
With more alternative app stores coming online and more consumers downloading apps from third-party marketplaces, fraudsters see emerging marketplaces as prime real estate to publish fake mobile apps impersonating trusted brands.
This is particularly tough for brands, given how much of a challenge searching for impersonations already is. Each day, billions of Facebook posts are published, hundreds of millions of Tweets are sent, millions of LinkedIn updates are posted, and hundreds of thousands of new websites go live. Any one of the billions of daily activities occurring online could be a malicious brand impersonation.
And then, consider the thousands of mobile apps released on official app stores each day. That doesn’t include third-party marketplaces. So, we can expect that the number of mobile app releases, authorized or not, is poised to increase exponentially. There is already too much content published each day to manually monitor for online brand impersonation attacks targeting your brand and your customers across websites, social media networks, and mobile app marketplaces. With Apple allowing sideloading, the volume of content that needs review will only increase. Any brand hoping to mitigate the potential damage of a fake mobile app abusing its brand will need to automate monitoring for these threats.
While the Apple App Store and Google Play app review processes aren’t completely foolproof, at Allure Security we find a wide range in the scrutiny various third-party marketplaces apply to the apps they publish. Some marketplaces do inspect apps for appropriate security controls and intellectual property infringements. Others don’t review published apps at all.
The risks of third-party mobile app marketplaces to your brand include:
Posted by Mitch W