ESET launches a new blog aimed at insecure Android apps

March 2019 Cyber Security

During the 2019 Mobile World Congress in Barcelona, ESET unveiled a new blog named Android App Watch to help Android users protect themselves against insecure applications.

“Insecurely developed apps, those that put their users’ privacy or money at risk are a growing problem. On one hand, such apps don’t qualify as malware and thus cannot be blocked by security solutions. On the other, the risk they pose may still be severe,” says Lukáš Štefanko, the ESET security researcher driving the project.

Typical examples of security risks associated with apps that are otherwise non-malicious are in app vulnerabilities or on their back-end servers, unencrypted communications between the app and its server, leaking sensitive information and data, bypassing app protection mechanisms, remote code execution or even SQL injection.

Ultimately, insecure apps are much harder to protect, while being no less of a threat. A poll organized by Štefanko via his Twitter handle, shows that users are aware of this. Of over 3200 participants, 78% think mobile users should be more afraid of insecurely developed apps, compared to the remaining 22% who think malware is a more significant threat.

Since insecure apps cannot be blocked by security solutions, it is up to users to protect themselves. The problem is that from the user perspective, it is hard to tell an insecure app from a secure one. No clear rules apply here because apps come in too many forms and flavors to fit into simple criteria or patterns.

What can help in such a situation is a healthy level of suspicion based on general knowledge about how apps are developed, what their business models are and what the overall Android ecosystem looks like.

The primary goal for the Android App Watch blog is to provide users with information and insight in order to make the right choices about their Android apps. Besides warning users about insecure apps and bad practices in the industry, the Android App Watch is also designed to help app developers.

“Before we publish our findings, we report them to the app’s developer, along with advice on how to fix them. Then we wait for the fix and evaluate it to see if it solves the problem,” explains Štefanko.

The ESET Android App Watch blog can be found at https://androidappwatch.eset.com/




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Patient critical – healthcare’s cybersecurity pulse
August 2019, Wolfpack Information Risk , News, Cyber Security, Healthcare (Industry)
The healthcare industry has become one of the leading cybersecurity attack vectors worldwide for several reasons.

Read more...
Building a Human Firewall
August 2019, Kaspersky Lab , Cyber Security, Training & Education
Riaan Badenhorst, general manager of Kaspersky in Africa answers some questions on the role of people in cybersecurity risks.

Read more...
Inundated with cyberattacks from all directions
August 2019 , Editor's Choice, Cyber Security, Security Services & Risk Management
IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up-to-date technology.

Read more...
Under cyberattack
August 2019, Kaspersky Lab , Cyber Security, Residential Estate (Industry)
Cybersecurity is not something one usually associates with residential estates, but the threats from cybercriminals apply equally to estates as they do to businesses and the individual homeowner.

Read more...
Cyber tools and solutions
August 2019, Technews Publishing , Editor's Choice, Cyber Security, IT infrastructure, Residential Estate (Industry)
Hi-Tech Security Solutions looks at the various options we have when it comes to protecting yourself from the ever-growing scourge of cybercrime?

Read more...
Understanding the data protection requirements and how to comply for POPI or GDPR
July 2019 , Cyber Security, Security Services & Risk Management
For many companies that must comply with these legislations, the best way to prepare is to implement a solid data protection strategy that guards against loss of data.

Read more...
Going safely into the brave new world of 4IR
July 2019 , Industrial (Industry), Cyber Security
Put cybersecurity at the heart of industrial digitisation on the journey to 4IR.

Read more...
It’s not wise to go SIEMless
August 2019 , Cyber Security, Security Services & Risk Management
As with every other aspect of security today, information security, while the popular child in a dysfunctional family, is no longer enough.

Read more...
A one-size-fits-all approach won’t secure the IoT
August 2019 , News, Cyber Security
Securing the Internet of Things (IoT) is something which cannot be done with a one-size-fits-all approach, and every kind of connected object must be assessed individually.

Read more...
Cloud advantage or cost?
August 2019 , Cyber Security, IT infrastructure
No matter how you look at it, security in the cloud is as important as security in traditional data centres.

Read more...