Rogue app stores are becoming a major concern for banks. While these app stores were once a fringe element, they are appearing on more and more smartphones across the globe. Many of these apps are available at no cost, and in some cases, they have the ability to steal mobile banking passwords and redirect text messages that contain passcodes. While it is no surprise that consumers are enticed by the lure of free programs, they are often unaware of the security issues that go hand in hand with these unlicensed and unapproved apps and their sources.
Reeling People In
Rogue apps are not doing much to be discreet. In fact, they exist in plain sight. These programs that are available to download free of charge, can steal mobile banking credentials, install adware and other malicious apps, mine bitcoins and do anything else that their creator wants them to do. The developers are even able to fool iOS and Android operating systems into believing they’re legitimate by stealing developer certificates from approved stores.
These rogue app stores operate in an ambiguous legal area, and consequently not easily fixable.
Scope of the Problem
Proofpoint analysts conducted research on its client companies and found that some 40% of employees had at least one app from the vShare marketplace on their company device. Customers in the survey included large banks and multiple Fortune 100 companies. While most app stores do their best to root out the majority of bad apps, it is nearly impossible at this point to root them all out. Unfortunately, some of the apps that make it into the app stores so questionable things with users’ information, including uploading a user’s contacts to a third party marketing firm.
A Low Priority
Banks have what seems like a never-ending list of security concerns. Incredibly, even within mobile banking, several threats are present. Some vulnerabilities exist, including mobile banking Trojans and other mobile malware. This being so, rogue app stores aren’t necessarily at the top of the list for concerns in the banking industry, at least not yet.
To read the entire article, please visit www.americanbanker.com.