How many apps have you installed on your smartphone?
Every one of us has several apps installed on our smartphones. There are millions of apps in the mobile app stores: 2,570,000 in Google Play Store; 1,840,000 in Apple App Store; 669,000 in Windows Store; 489,000 in Amazon Appstore, Statista-2020. These apps make our life easier, but they have not been developed with security in minds. As the information has increased in value, attackers’ capabilities have increased dramatically by developing an advanced attack method. The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message. Just a single message was enough to compromise his device. WhatsApp got hacked while it is one of the best apps in terms of security. What about the other millions of apps that are not as good as WhatsApp?
Why having so many apps is a problem?
As a matter of fact, not all mobile apps are built with security in mind. Developers usually focus more on the main functionalities and the ease of use more than the security, or they do not even know what to do to make their apps secure enough. Some new apps could be compromised using very old fashioned or naive attacks like (SQL injection, XSS attack, buffer overflow, etc). To gain a competitive advantage, an app could be released even before it passed a security test. Security solutions usually come after an incident has occurred. Every day new vulnerabilities get discovered in each of these apps, and only big companies release fast updates for fixing the discovered vulnerabilities.
A software vulnerability is usually: a security hole; a weakness found in an operating system; a weakness found in a software program. Once a vulnerability is discovered in a mobile app, there are thousands of ways to exploit it. Usually, hackers exploit this vulnerability by crafting a code to target a specific weakness in the operating system or a specific program, which is packaged into malware. With no action on user part other than opening a compromised message, playing infected media, or viewing a website these exploits can infect their devices. Once it infects the device, this malware allows the attacker to gain control over the victim device, steal data, and use it in an abnormal way. An infected device could be used to compromise a complete organization.
What is the solution?
Using smart devices and the Internet is indispensable for everyone, therefore, security awareness is a must. Security awareness is an important part of security aspects as it focuses on raising awareness of users about the possible threats that may affect the user life and privacy. Security awareness is to stop for a moment to think or schedule a task, to perform it efficiently and in safe conditions. It is knowing how to avoid damage to people and/or property, adopting a safe behavior. Regarding the issue mentioned above, there are several ways to be more secure as in the following:
-
Uninstall any unused application. keep only those that you use more often.
-
Keep your system and all your apps up to date.
-
Use an antivirus.
A valuable study has been conducted at KFUPM University about the use of antivirus products and installing updates. The results show that users are not fully aware of what makes them secure.
Only 31.9% of participants install the updates as soon as the learn of them. This means about 68% are vulnerable to zero-day attack. About 17.4% rarely or never install updates. Regarding the use of antiviruses, about 47.7% of users stopped using antivirus, and here are the top three reasons behind that:
-
Using antivirus software was inconvenient.
-
I do not have anything valuable on my computer or mobile phone, so I do not need antivirus software.
-
I saw or read the information that I should not be using antivirus software.
In conclusion, you should know that the probability of being hacked increases as the number of used apps increases. Being security aware does not mean you are completely secure, however your awareness minimizes the probability of being hacked. Remember, keep only the apps that you use more often, keep them all up to date and keep using antivirus software.
