Cyber-Risks Hiding Inside Mobile App Stores

As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.

Mobile devices – pervasive in the workplace, heavily used, and often unregulated – present a wealth of opportunity to cybercriminals aiming to access employees sensitive information.
The mobile threat landscape is always shifting, says Jordan Herman, researcher at RiskIQ, which recently published its Mobile Threat Landscape Q1 2019 report. Researchers scanned more than 120 app stores and nearly 2 billion resources to detect mobile apps in the wild. In the past four quarters, RiskIQ has categorized 8 million mobile apps, of which 217,982 were blacklisted.
A rush of apps continues to flood mobile marketplaces. In the first quarter of 2019, RiskIQ saw 2.26 million new apps, nearly 6% more than the fourth quarter of 2018. Given the sheer size, scope, and complexity of the global app ecosystem, its tough for organizations to monitor their mobile presence and protect customers and employees from an evolving range of threats.
The fact that it changes from quarter to quarter goes to show how many different ways there are to attack mobile, Herman says. Mobile is so ubiquitous and so ingrained in our day-to-day lives that threat actors can target users in hundreds of ways and keep trying until something works. Threats range from fake antivirus apps to phishing attempts to Magecart incidents.
As Herman points out, there are several ways to develop and distribute malicious apps. Some may sign up the user for paid subscription services without the users knowledge, granting the developer monetary gain. Others may steal personal data that can be used for identity theft. Some may try to disguise themselves as popular apps, while yet others may appear benign (a flashlight app, for example) but request excessive permissions to steal data stored on the phone.
Following three consecutive quarters of decline, the number of blacklisted apps rose 15% between the fourth quarter of 2018 and the first quarter of 2019. Google Play had 1.4 million apps – more than three times that of the Apple App Store – and accounted for 58% of all blacklisted apps in 2018. The next highest blacklisted store was 9Apps, which made up about 19% of the blacklist total. Feral apps (those listed on the open Web) accounted for nearly 9% of blacklisted mobile apps.
But Google Play is falling as a hot spot for malicious applications: The number of blacklisted apps in the store fell for the second consecutive quarter, down nearly 64% since Q3 2018. Our data indicates Google is getting better at policing the Play store, Herman says. Rogue apps still appear given Android is the worlds most popular mobile platform and the Play store is more open to developers, but new app stores are emerging with far more malicious intent.
Inside Malicious Apps
After Google Play, which had nearly 38,000 blacklisted apps between the fourth quarter of 2018 and the first quarter of 2019, 9Game was the second most blacklisted store. Most (96%) of the applications on 9Game.com and 30% of apps in Vmallapps were blacklisted,
RiskIQ reports
.
Our data indicates that Google is getting better at policing the Play store, Herman says. The company regularly removes blacklisted apps and does so quickly once the apps are identified.
9Game appears to be a wholly malicious store, with nearly every app requesting permission for the camera, location data, Wi-Fi, file system, Internet, and settings. With these permissions, any app downloaded from the store has full reign over the device that installed it. The app can install more malicious apps without the users knowledge and send anything it finds on the phone wherever it wants. AndroidAPKDescargar is another example of a malicious store; it targeted Spanish-speaking Android users and was the most blacklisted app store in 2017.
Whether an application is obviously malicious depends on the developers sophistication and users awareness. Some malicious apps require permissions far beyond their function – for example, a flashlight app that requires GPS or microphone access. This is seemingly obvious; however, an app with hidden code that changes settings or downloads malware may not be.
When Good Apps Go Bad
Mobile apps created with good intentions can prove harmful if theyre not properly developed. Positive Technologies explores this further in its Vulnerabilities and Threats in Mobile Applications 2019 report,
also released
this week. High-risk vulnerabilities were found in 38% of iOS apps and 43% of Android apps. Insecure data storage, detected in 76% of mobile apps overall, was the most common issue. Most (89%) vulnerabilities can be exploited remotely.
Leigh-Anne Galloway, Positive Technologies cybersecurity resilience lead, points to top security flaws: incorrect session termination, by which an attacker can access a users session after they log out; insecure interprocess communication, by which user data can be accessed; and the absence of Certificate Pinning, which allows a man-in-the-middle attack with fake certificates.
Mobile device users data is at risk, she adds, as 71% of mobile apps leave information exposed to unauthorized access. Most vulnerabilities appear at the design stage of the application, before writing the code, and they can be fixed only by making changes to the code, Galloway explains, adding that unauthorized access to user data is the most common mobile app threat.
While the report often distinguishes between iOS and Android apps, its not worth thinking about the security of specific platforms, she adds. Most flaws (74% in iOS apps and 57% in Android apps) are related to the shortcomings of protection mechanisms that arise during the design phase.
Developers do not provide security when planning functionality, she explains. So when developing an application, many security platform capabilities are simply not used or are used incorrectly. This contributes to similar vulnerabilities appearing in an app across platforms.
Related Content:
7 Truths About BEC Scams
Machine Learning Boosts Defenses, but Security Pros Worry Over Attack Potential
The Hunt for Vulnerabilities
Inside the FBIs Fight Against Cybercrime

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Cyber-Risks Hiding Inside Mobile App Stores